Extracted

• • Target

    c6fbb7022c7beb3b4c840cb4d46b35f237a29ef70d6c400e673eedc55698d3c4exe.exe

  • Size

    1.9MB

  • MD5

    b483c722d53182cb7b35e0604b6603c7

  • SHA1

    821a586245f977e3a6d2aae29c7a262c080cb5a2

  • SHA256

    c6fbb7022c7beb3b4c840cb4d46b35f237a29ef70d6c400e673eedc55698d3c4

  • SHA512

    efe2bc96cce1802c74277d72cd848b3c4a275bb5a1537ec59d1dc9b9a4ad60b6e733f14404d7cd07b479a8018a3872eb924befbd25256764d8f10f583a86372e

  • SSDEEP

    49152:vmMEPx6vQA7b0IyUWN/vgy0j3c6Byf1gTT:hHQAXtyBN/R0TE2X

  Score

  10^/10

  eternityredlinecollectioninfostealerspyware

  • Eternity

    Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.

    eternity

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Accesses Microsoft Outlook profiles

    collection

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2