General
-
Target
Eulen.exe
-
Size
2.9MB
-
Sample
230331-yh6v8ach72
-
MD5
64ab87ae7a05bcaac04d9ef9de026a2b
-
SHA1
b8bf7874f90e6d7c6f9ec7a4bb2a1994604e6db2
-
SHA256
71742eab2e2584bbfd5fb33b13743aaab7cf049380af7b32cdea696b75d341c9
-
SHA512
6f92435612e5336672eb0012fe82dc0068d6e545e637f66210080bbaf1d5d2f0e7c4ee099ba0ee50b1790396f76d9a8d18e90b95d8ddb8ac701a62d0cfea3aec
-
SSDEEP
49152:JsmhnqAs9pJc0dnKh+Q0N1rs+vIUSg+6+8ohnRh1Na1OKM6nYAKhFQpSH3Oh5gxr:/qXpy05Q0N1rsYSZ6BoXh1kkypSH3Ohs
Static task
static1
Behavioral task
behavioral1
Sample
Eulen.exe
Resource
win7-20230220-en
Malware Config
Targets
Target
Eulen.exe
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-