Overview

overview

10

Static

static

10

eulen.exe

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    eulen.exe

  • Size

    1.6MB

  • Sample

    240716-qjlbxaxbqf

  • MD5

    fd3faa77159a423ef3aea105411a49f6

  • SHA1

    420b4ab76c576db991d588363b00d004de340596

  • SHA256

    ca0c983604fc0f61af36bec22d573f33cc63ca7d553311735e2691b37a72d321

  • SHA512

    197011cea960c9818067003b862b9103477a46468415285ff5fcb486d32db29dac1b9dfdf82be8fbec595a19e3b689d39756f8c43e1603a768757be6cb7a2d19

  • SSDEEP

    49152:dkTq24GjdGSiqkqXfd+/9AqYanieKdsp:d1EjdGSiqkqXf0FLYW

Score
10/10
stealeriumcollectionpersistenceprivilege_escalationspywarestealer

Malware Config

Extracted

Family

stealerium

C2

https://discord.com/api/webhooks/1262444839635517543/ILqzOnEgGJZbLQC4eODktew5O2O35hOQyy53OZq0jwczV7DGlpT8-1tNprBefGuqqSBd

Targets

    • Target

      eulen.exe

    • Size

      1.6MB

    • MD5

      fd3faa77159a423ef3aea105411a49f6

    • SHA1

      420b4ab76c576db991d588363b00d004de340596

    • SHA256

      ca0c983604fc0f61af36bec22d573f33cc63ca7d553311735e2691b37a72d321

    • SHA512

      197011cea960c9818067003b862b9103477a46468415285ff5fcb486d32db29dac1b9dfdf82be8fbec595a19e3b689d39756f8c43e1603a768757be6cb7a2d19

    • SSDEEP

      49152:dkTq24GjdGSiqkqXfd+/9AqYanieKdsp:d1EjdGSiqkqXf0FLYW

    Score
    10/10
    stealeriumcollectionpersistenceprivilege_escalationspywarestealer

    • Stealerium

      An open source info stealer written in C# first seen in May 2022.

      stealerstealerium

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Resource Development

Reconnaissance

Tasks