Extracted

Extracted

• • Target

    18b8eaaca17c55a378a88b6767b14d7c.exe

  • Size

    199KB

  • MD5

    18b8eaaca17c55a378a88b6767b14d7c

  • SHA1

    cc3b16b0cee1476790ace32097d7a5e903d3ee50

  • SHA256

    a591e8d5b6ebe119919fe949d09e56224547f0cc511f21244c7cf77447e1f071

  • SHA512

    d193e675688a43bc3caad08ea7e3b58d40f7eca01ee562ab213915f76a3ea245b4b168fb19c15523cceee937b428a147d8537e80d11a881e0cd8be13750a2fa6

  • SSDEEP

    3072:VzMkEejtozYaGKfYE7VcCAZXiLF6nzL6LHVLKs+qb6jNXlwZA8a00f:VzpEQ+soAEpcCAZXiLF6zL6NPkwer

  Score

  10^/10

  eternityredlinesectopratnew1discoveryinfostealerpersistenceratspywarestealertrojan

  • Eternity

    Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.

    eternity

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • SectopRAT

    SectopRAT is a remote access trojan first seen in November 2019.

    trojanratsectoprat

  • SectopRAT payload

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2