This game features a 15-year-old girl who is faced with a thousand challenges after inheriting a magic shop from her grandmother, Eira. The website presents a game called Eira, an open world set in a world called ‘Kauldron’. ![]() The matter became very interesting: there are too many red flags to ignore this e-mail! So I preferred to get to the bottom of it and click on the “Join NOW!” button. In the footer then there were a couple of contacts and on Telegram. ![]() The e-mail afterwards invited me to download the client immediately, I needed to pay attention while I was registering because I needed to place a certain unique code that was contained within the e-mail. In the e-mail, I was told that I was lucky because among many other people, I was drawn! I then had the chance to win some unique prizes such as NFT (only 500 copies!) and payments in ETH/USDT/LTC for each unlocked story chapter. The e-mail was about participation as a beta tester for a game called ‘EIRA’. Curiosity was such high that after a couple of hours, I downloaded the e-mail and decided to open it in a sandboxed environment (just in case!). Eira project? It doesn’t ring a bell thinking it was the usual person asking for useless feedback about his project, I decided not to open it. On a quiet afternoon, a new e-mail arrived with the subject line ‘ ACCESS TO PAID ALPHATEST “EIRA” Project’. We will address several challenges that the novice analyst faces, and we will also see how the attackers have used various gimmicks to make reverse engineering difficult. In this post, I would like to analyse in some detail the ‘Redline-EDIRA’ malware campaign that has been going on since around the beginning of May 2022. ![]() The unsuspecting user by running an ‘innocent’ executable to access prizes becomes part of a botnet. In recent months, there have been increasing attempts to spread malware via some seemingly ‘harmless’ programs, luring the user through rewards such as sending money with cryptocurrency or NFT-themed gifts.
0 Comments
Leave a Reply. |