General

  • Target

    a2234ee40097fa832eb3a533840e86de3933cf216fbf8445d2946cb7b61c887b

  • Size

    1.3MB

  • Sample

    240410-qagmcsbg51

  • MD5

    70ef45cb31af0b6f37be051de4170839

  • SHA1

    1539d0c2657b60a8f75d130faf4ae1468263d103

  • SHA256

    a2234ee40097fa832eb3a533840e86de3933cf216fbf8445d2946cb7b61c887b

  • SHA512

    f9ec1b19e701fa27e7c4060cd22b99cbb4d710e909f97839c4bfb5b1e70d6216b20a19f6b302cbd0f39cd58a8a42c8d6f91154281fee0676720ae85501df36aa

  • SSDEEP

    24576:PQH3XnBXnXwS64TJxaAZNdaV9m7R4OaJR+zrwC/vNw6mpe:PQHHBXVd4A1bD

Malware Config

Extracted

Family

eternity

C2

http://lightnogu5owjjllyo4tj2sfos6fchnmcidlgo6c7e6fz2hgryhfhoyd.onion

Targets

    • Detects Eternity stealer

    • Eternity

      Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and autofill information.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks