General

  • Target

    Setup.exe

  • Size

    993KB

  • Sample

    240423-s97zpshf4v

  • MD5

    dde34dd7a89277b7b02fc45ff4062924

  • SHA1

    04124d2f2e336c2f2cad93864bd5f94d1ac50a16

  • SHA256

    4e5336a604b94c01e5a20601fdf4b18c627431c78b0609d57eec3ced40c2eed7

  • SHA512

    339db41c8d6a72bd4092b197efbb32f53284904406d0b6ee2929915398edb3ca3db31cb02f9c5cf9b16bf347c2caa1524123667dc8607263b2038e1f6ea78c71

  • SSDEEP

    24576:jkfrJg6/TDTYgGnFRqcV/+JCt9Fx0P9sqgLjuJW:K/7Yg6Q9LJW

Malware Config

Extracted

Family

eternity

C2

http://izrukvro5khcol3z7cvvdq3akeunlod2gshgn7ppo3a4jvse3z5hpiyd.onion

Extracted

Family

xworm

Attributes
  • Install_directory

    %AppData%

  • install_file

    PictureManager.exe

  • pastebin_url

    https://pastebin.com/raw/Jqa9Y1S2

Targets

    • Detect Umbral payload

    • Detect Xworm Payload

    • Eternity

      Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.

    • Umbral

      Umbral stealer is an open-source modular stealer written in C#.

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks