Extracted

• • Target

    EMV Reader-Writer v8.6.exe

  • Size

    338KB

  • MD5

    6b2aa828fd00b099b6a3f4acb72b96bc

  • SHA1

    cfb0ecfdf321d7f3cf068e40bc24b9e29c8ca686

  • SHA256

    60f53aece03a8119efd11af5a161d354604fa5f92354b4d39018b2f0b781e65b

  • SHA512

    82a5ed821f5e0b02661c88f8d777458703894d8723929dce35c9758e3bcd7d020e8dc27a89e2f7c5eee2f8f92bd69d3a6b3b303d7dc00506c433dfbce0331089

  • SSDEEP

    6144:tEtm1/I1LrZ1GXMe9rg5K33kf5n0RbsmxvHWw1i:tEtmexgMe9v0f5n02w2X

  Score

  10^/10

  eternitycollectioncredential_accessdiscoverypersistenceprivilege_escalationspywarestealer

  • Eternity

    Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.

    eternity

  • Credentials from Password Stores: Credentials from Web Browsers

    Malicious Access or copy of Web Browser Credential store.

    credential_accessstealer

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Reads WinSCP keys stored on the system

    Tries to access WinSCP stored sessions.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1behavioral2