Extracted

Extracted

• • Target

    27bd995c48220dc663fab4165e8b3002.exe

  • Size

    170KB

  • MD5

    27bd995c48220dc663fab4165e8b3002

  • SHA1

    8a903e16b71d6599c09bf13d7346fd5ccb88be45

  • SHA256

    b0a4244fe2141f2262c14d9a8603c636e1a991f9d60a9f47aecabb55eff1720d

  • SHA512

    4324f86b4b7f573e6a48ea878cdcb222766c8da59c7368485bec000093ee8a65a2becac02a7c5b7c6008b5b7e250355afc654cedba6625d22e437f753810aa08

  • SSDEEP

    3072:6L6bNH++D2ehsT63Q6GmQm0dJJ3/faR+YP28K+0Lset2f:o4Zyeh0XgQmmF+5o+0LK

  Score

  10^/10

  eternityredlinesectopratnew1discoveryinfostealerpersistenceratspywarestealertrojan

  • Eternity

    Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.

    eternity

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • SectopRAT

    SectopRAT is a remote access trojan first seen in November 2019.

    trojanratsectoprat

  • SectopRAT payload

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2