Extracted

• • Target

    eulen crack.exe

  • Size

    227KB

  • MD5

    2f402bc7b8a9014cec4f649f3531aa84

  • SHA1

    2c035521a6e8428554066bb1335daa44311169c5

  • SHA256

    09cfe7bb59e480a26b8be2568294e174316cb0c06a2536ad1400b748300350b0

  • SHA512

    3b92ed2bceb0cb8fc64fbf850f47504cde1bceb6351cb4489f5b44a9b76e6d9e69a4f9e66b067d295a5e40fd3cdd145cf71a52d2bca2bec75aeb77f4985c054f

  • SSDEEP

    6144:eloZM+rIkd8g+EtXHkv/iD48HP3ohv0IHU2PxM4d8zb8e1m9i:IoZtL+EP88HP3ohv0IHU2PxM4dy/

  Score

  10^/10

  umbralcredential_accessdiscoveryexecutionspywarestealer

  • Detect Umbral payload

  • Umbral

    Umbral stealer is an opensource moduler stealer written in C#.

    stealerumbral

  • Credentials from Password Stores: Credentials from Web Browsers

    Malicious Access or copy of Web Browser Credential store.

    credential_accessstealer

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Drops file in Drivers directory

  • Deletes itself

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1behavioral2