General
Target
https://cdn.discordapp.com/attachments/1252743403569938462/1257149729880543304/password.is.eulen.exe?ex=6684042c&is=6682b2ac&hm=afa7adfc9edaad8c101386bdf22ecb8b598f35bbe6a398b32941ab450fdbcb08&
Sample
240701-vg3kmayhlh
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://cdn.discordapp.com/attachments/1252743403569938462/1257149729880543304/password.is.eulen.exe?ex=6684042c&is=6682b2ac&hm=afa7adfc9edaad8c101386bdf22ecb8b598f35bbe6a398b32941ab450fdbcb08&
Resource
win10v2004-20240508-en
Malware Config
Targets
Target
https://cdn.discordapp.com/attachments/1252743403569938462/1257149729880543304/password.is.eulen.exe?ex=6684042c&is=6682b2ac&hm=afa7adfc9edaad8c101386bdf22ecb8b598f35bbe6a398b32941ab450fdbcb08&
Downloads MZ/PE file
Drops startup file
Executes dropped EXE
Loads dropped DLL
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.