Behavioral task: behavioral1
Sample: eulen setup.exe
Resource: win10v2004-20231020-en
General
Target: eulen setup.exe
Size: 168KB
MD5: 2ca228c7984f45002fca353b6a4bfedc
SHA1: 24f37766540dda7110aa3a342e137537b5e7821a
SHA256: fd0d60615c38683ae85a5ef1ab2beaed160ebe700acdcec25312339adad88fda
SHA512: 6114dbc03375ba2e4c83af3b92979294743dbb0d674ee8375f94bdb3b05642323d6c597523ccb20f7c61096631600fdb1930e1f92ae7207c36f1735ae597378a
SSDEEP: 3072:YAWpXLyTpF7EwQTZyElBXc2gjRTNKKujXjoimNxyJy/gVCp6TGJuDgN5:YAWpXgREBXcrxNUSxJoU6TD4
Malware Config
Extracted
mercurialgrabber
https://discord.com/api/webhooks/917748860682657832/sSsKt4ikHoi9zkepKqNjrrQK503_MnWsxInF6XnFlC2W3mmbZI320rx6s-R3dnG3i8W3
Signatures
Mercurialgrabber family
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
Processes: resource eulen setup.exe
Files
eulen setup.exe.exe windows:4 windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
  IMAGE_DLLCHARACTERISTICS_NX_COMPAT
  IMAGE_DLLCHARACTERISTICS_NO_SEH
  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
  IMAGE_FILE_EXECUTABLE_IMAGE
  IMAGE_FILE_32BIT_MACHINE
Imports
  mscoree
    _CorExeMain
Sections
.text Size: 39KB - Virtual size: 39KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
.rsrc Size: 128KB - Virtual size: 127KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_DISCARDABLE
  IMAGE_SCN_MEM_READ