General

  • Target

    Eulen.exe

  • Size

    7.0MB

  • Sample

    240628-rzdgnsvbmg

  • MD5

    2413ef5e5594ad12cceaccaa916cf364

  • SHA1

    c21eca94ad8a9a74d3c221567079b703e183cfc2

  • SHA256

    57b9dac872e5af298ac221985953d1d046f48eacfa7aba8f317ff61430442662

  • SHA512

    56a759a07a52d97c3a5163ff877f2d11cb652bd2c1c86722b4f6cc172d6ae3ff8b8ee55112fc4557ab9aa2349aef041210fc735a02f20da1967195ce2341549a

  • SSDEEP

    98304:zILJkwN+MdA5wqMWEH8MMhJMjarJaon7JPzf+JiUCS3swhzqgez7DoDZDJ1n6hBG:zUJV1iB6ylnlPzf+JiJCsmFMvcn6hVve
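
The four cryptographic hashes above identify the exact bytes the sandbox executed; before spending time on a sample pulled from a sharing service, confirm it is the same file. The script below is an added example, not part of this report or of the sandbox's tooling: it hashes a file once, in chunks, with every algorithm the report lists and returns only the mismatches. The file path on the command line is an assumption; the hashes are copied from the report.

```python
import hashlib
import io
import sys

# Hashes for Eulen.exe exactly as listed in the report above (hex, lower case).
REPORT_HASHES = {
    "md5": "2413ef5e5594ad12cceaccaa916cf364",
    "sha1": "c21eca94ad8a9a74d3c221567079b703e183cfc2",
    "sha256": "57b9dac872e5af298ac221985953d1d046f48eacfa7aba8f317ff61430442662",
    "sha512": "56a759a07a52d97c3a5163ff877f2d11cb652bd2c1c86722b4f6cc172d6ae3ff8b8ee55112fc4557ab9aa2349aef041210fc735a02f20da1967195ce2341549a",
}


def digest_all(stream, algorithms, chunk_size=1 << 20):
    """One pass over a binary stream, feeding every requested hasher 1 MiB at a time."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify(stream, expected):
    """Return {algorithm: (expected, observed)} for each mismatch; {} means every listed hash matched."""
    observed = digest_all(stream, expected.keys())
    return {
        name: (value.lower(), observed[name])
        for name, value in expected.items()
        if observed[name] != value.lower()
    }


def verify_bytes(data, expected):
    """Convenience wrapper for in-memory data (used by the self-test)."""
    return verify(io.BytesIO(data), expected)


def verify_file(path, expected=REPORT_HASHES):
    with open(path, "rb") as f:
        return verify(f, expected)


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: verify_sample.py <path to Eulen.exe>")  # assumed script name
    mismatches = verify_file(sys.argv[1])
    if not mismatches:
        print("all hashes match the report")
    else:
        for name, (want, got) in mismatches.items():
            print("%s mismatch: report %s, file %s" % (name, want, got))
        sys.exit(1)
```

A single mismatch means you hold different bytes (a repacked build, a truncated download, a different stage), and none of the behaviour listed in this report should be assumed to transfer. The SSDEEP value is not covered by hashlib; the `ssdeep` or `ppdeep` packages compute it, and it scores similarity rather than proving identity, so it supplements the check above rather than replacing it.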

Malware Config

Targets

    • Target

      Eulen.exe

    • Size

      7.0MB

    • MD5

      2413ef5e5594ad12cceaccaa916cf364

    • SHA1

      c21eca94ad8a9a74d3c221567079b703e183cfc2

    • SHA256

      57b9dac872e5af298ac221985953d1d046f48eacfa7aba8f317ff61430442662

    • SHA512

      56a759a07a52d97c3a5163ff877f2d11cb652bd2c1c86722b4f6cc172d6ae3ff8b8ee55112fc4557ab9aa2349aef041210fc735a02f20da1967195ce2341549a

    • SSDEEP

      98304:zILJkwN+MdA5wqMWEH8MMhJMjarJaon7JPzf+JiUCS3swhzqgez7DoDZDJ1n6hBG:zUJV1iB6ylnlPzf+JiJCsmFMvcn6hVve

    • Command and Scripting Interpreter: PowerShell

      Runs a command through powershell.exe.

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly harvest stored browser data, which can include saved credentials, cookies and autofill entries.

    • UPX packed file

      Detects executables packed with UPX, or with a modified build of the open-source UPX packer.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      {Rv�Jhx.pyc

    • Size

      1KB

    • MD5

      afada5fff54f41f3dc717661c65ea11b

    • SHA1

      8230eb73c7716fec069c821f99b41a0778ac2b57

    • SHA256

      25868a20f46e8ba750ec29fc49332db9126b2c06428514f76942f21f74d7b401

    • SHA512

      c898a4d6c863fc6ea2113ba6af1a55419d4ea82fcaed48faa1e06cd5fb37492f0ebe5be6bec9fe347c365f4157f9f35faca05d7c367d3562cee953bdb53f3567

    Score
    1/10
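
The "UPX packed file" detection listed under the behaviours above is a static check on the PE headers. The script below is an added example, not this report's or the sandbox's own signature: it parses the section table of a constructed, minimal PE image (built in the script, not the real sample) and reports the three fingerprints a triage script would look for: the stock section names UPX0/UPX1, the `UPX!` pack-header marker, and the layout in which the first section has no raw data but a large virtual size. The last one matters for the "modified UPX" case, because renaming the sections and scrubbing the marker does not change how the stub unpacks into the first section.

```python
import struct

OPT_HDR_SIZE = 0xF0  # size of a PE32+ optional header; its contents are irrelevant here


def build_pe(sections, tail=b""):
    """Constructed minimal PE image: DOS header, PE signature, COFF header, blank optional header,
    one IMAGE_SECTION_HEADER per (name, VirtualSize, SizeOfRawData), then optional trailing bytes."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)  # e_lfanew at offset 60 points just past the DOS header
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, OPT_HDR_SIZE, 0x22)
    table = b""
    for name, vsize, rawsize in sections:
        table += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"),
                             vsize, 0x1000, rawsize, 0x400, 0, 0, 0, 0, 0x60000020)
    return dos + coff + b"\0" * OPT_HDR_SIZE + table + tail


def section_headers(data):
    """Parse the section table: list of (name, VirtualSize, SizeOfRawData, Characteristics)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 60)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    nsec = struct.unpack_from("<H", data, e_lfanew + 6)[0]        # COFF NumberOfSections
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]   # COFF SizeOfOptionalHeader
    base = e_lfanew + 24 + opt_size                               # section table follows the optional header
    out = []
    for i in range(nsec):
        name, vsize, _va, rawsize, _rp, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, base + 40 * i)
        out.append((name.rstrip(b"\0").decode("latin-1"), vsize, rawsize, chars))
    return out


UPX_NAMES = {"UPX0", "UPX1", "UPX2", "UPX3"}


def upx_indicators(data):
    """Return the UPX fingerprints found in the image; an empty list means none."""
    secs = section_headers(data)
    hits = []
    named = [s[0] for s in secs if s[0] in UPX_NAMES]
    if named:
        hits.append("stock UPX section names: " + ", ".join(named))
    if b"UPX!" in data:
        hits.append("'UPX!' pack-header marker present")
    # Layout fingerprint: UPX leaves the first section empty on disk (raw size 0) but large in memory,
    # because the stub in the second section decompresses the original image into it at run time.
    # A modified build that only renames sections keeps this layout.
    if len(secs) >= 2 and secs[0][2] == 0 and secs[0][1] > 0 and secs[1][2] > 0:
        hits.append("first section %s: raw size 0, virtual size 0x%x (unpack target)" % (secs[0][0], secs[0][1]))
    return hits


# Three constructed images: stock UPX, UPX with renamed sections and no marker, and an unpacked binary.
# In a real stock-UPX file the 'UPX!' marker sits in the header area; appending it is a simplification.
STOCK_UPX = build_pe([("UPX0", 0x200000, 0), ("UPX1", 0x9000, 0x8E00), (".rsrc", 0x1000, 0x600)], tail=b"UPX!")
RENAMED_UPX = build_pe([(".text", 0x200000, 0), (".data", 0x9000, 0x8E00), (".rsrc", 0x1000, 0x600)])
UNPACKED = build_pe([(".text", 0x4000, 0x4000), (".rdata", 0x1000, 0x1000), (".data", 0x800, 0x400)])

if __name__ == "__main__":
    for label, image in (("stock UPX", STOCK_UPX), ("renamed sections", RENAMED_UPX), ("unpacked", UNPACKED)):
        print(label, "->", upx_indicators(image) or "no UPX indicators")
```

To run this against the actual sample, replace the constructed images with `open("Eulen.exe", "rb").read()`; the parser only needs the headers, so reading the first few kilobytes is enough. The layout heuristic on its own is a hint rather than proof (other packers and some hand-built loaders produce a similar first section), so treat one hit as "inspect further" and two or more as a confident packer call.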

MITRE ATT&CK Enterprise v15

Tasks