Entrarium markets itself as an "Advanced Loader" for cracked applications—but in reality, it's not even a functioning loader. It's a stealer.
"Get the advantage with our cracked software. Secure, undetected, and constantly updated for optimal performance and functionality."
Discovery
While checking comments on my video about Adobe cracking, I noticed someone saying, “this method is outdated, updated method on my channel.” Suspicious, and assuming it was a stealer, I decided to investigate. Brilliant move, I know.
I ended up on entrarium[dot]live (do not visit—confirmed stealer site) and downloaded their supposed "Creative Cloud" installer.
Sample
I uploaded the sample to tria.ge (great site btw, love ya Recorded Future) to analyze the executable. The sample I uploaded was flagged almost immediately as Lumma Stealer, a well-known info-stealer that exfiltrates browser credentials, crypto wallets, Discord tokens, and more. It establishes outbound connections and typically sends stolen data to a command-and-control server. This thing is textbook "stealer pretending to be a crack."