Could someone check this file? VirusTotal isn't working for me (it keeps asking for a CAPTCHA).
https://github.com/Eidolon-dev/Eidolon/releases/download/v1.0.0/Eidolon-1.0.0-win-x64.zip
here is another angle
The extracted file once executed masquerades as a Windows application installer and the downloads another small file from this malicious link (plain HTTP, raw IP, no domain).:
http://31.77.168.180:5000/refac.exe
The downloaded file refac.exe then gets executed in the background, and its purpose is to harvest browser data (passwords, cookies, sessions etc.), and calls out to a geolocation API prior to further activity.
It looks into these folders paths
• \Google\Chrome\User Data and \Google\Chrome\Application\Chrome.exe
• \BraveSoftware\Brave-Browser\User Data and \...\Application\brave.exe
• \Mozilla\Firefox\Profiles\
• \Yandex\YandexBrowser\User Data
Here is a virus total report for the file that downloads in the background: 62/70 vendors say it's malicious
https://www.virustotal.com/gui/file/6144677a8ff6d6cb5b04403c9f07ea326419600f9b469a95502fa022613c56bd/detection