80f39a11a179b4b0829192f0283f53b4170347f760deb4b40b346ac99bba4d87 | Triage

Sharing

General

Target

empyrean-main.zip
Size

400KB
Sample

230422-3mmelahd99
MD5

46e5d4ecbcb474acd20d08cd4fb94acc
SHA1

e17d2c497265849cb35ef0b483cfc47d5c069502
SHA256

80f39a11a179b4b0829192f0283f53b4170347f760deb4b40b346ac99bba4d87
SHA512

6e020d49a6eee6b5bdc8069a40e348d71bf46c4ea5a587efa1742cab1c6851527b5a50eedbf1d5064637cf14c305b4f6dbf654008146fb6344ad3a7ade988c6d
SSDEEP

6144:6Iql1HuhH5GUMUdWApvz4VzSYFdQGTB3JTs/hkmOeHGJeQWSE5Pj7PlA5CbF4zfL:6Hl1OnGKzYQqAeRezSEtl52fs30D

Score

8^/10

discovery persistence

Malware Config

Targets

- Target
  
  empyrean-main/build.bat
- Size
  
  664B
- MD5
  
  85857405eca41f5e898322bf94400313
- SHA1
  
  f5d0e3170eea75ca0d19e237a9c9becd6e7988a2
- SHA256
  
  d26347df3e03141a940477d79848e5322bbdb2a71dc6c603f2d980c862421ab3
- SHA512
  
  16f4c957d1d4c07292e3bb0ed75874b7ecad7716bcb134d29a07bfcc96531c6775869996631eb74910d4e32c9513f54345e79fdb65534b2925ff82fefeca36c5
Score

1^/10
behavioral1 behavioral2
- Target
  
  empyrean-main/builder.py
- Size
  
  8KB
- MD5
  
  6519975f9f3687ed19e5f7432bf8e351
- SHA1
  
  5a4983f62152bfd835c53edf7c82b80f6eab81ef
- SHA256
  
  6c9fe0005872fe2aa6631ce5eedce861ae6422c54426248a550426cd388ba247
- SHA512
  
  2ef798344d16d0ab4147b7c6ae6c3cc104f0a2ecc1539ebcae5b421d772f156ee831b23576e9ebb3f870fab7550ae91333c573601757daeab0ff511705a2a96f
- SSDEEP
  
  96:yCIp0AnWA8TH1h7sOQf60R03oFWGXBls2LxVSV59eSF3B0:WnmDdjGrGZ0
Score

3^/10
behavioral3 behavioral4
- Target
  
  empyrean-main/install_python.bat
- Size
  
  686B
- MD5
  
  f30718a354e7cc104ea553ce5ae2d486
- SHA1
  
  3876134e6b92da57a49d868013ed35b5d946f8fd
- SHA256
  
  94008c8135d149fecd29ca62aded487f0fbfa6af893596ffc3e4b621a0fe4966
- SHA512
  
  601b2256ea709a885741f1dec5c97dda6fb7fd4e485b4afac3503af1aefe73472e5bc5529c144814a3defbc0b51ac4b50e02a50dccc69b41ee5d87a3f4282874
Score

8^/10

discovery persistence
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral5 behavioral6
- Target
  
  empyrean-main/src/components/antidebug.py
- Size
  
  11KB
- MD5
  
  26435fe69fcfe6322679c9df730cd0b0
- SHA1
  
  95a305df9fae655cc4b34eb0d5cad8848a4c9100
- SHA256
  
  101b5276bcaae253319cfc1f0f6b6a1688d9286c7852f8e12d00c698b2ae117c
- SHA512
  
  26e7750c235cfc734d86502f85f1620c4698bde6e377a2264bddd3017bb8891110e49ead665b59330666d2dd4686c8e657fb080554905dbb9976c8846781c963
- SSDEEP
  
  192:0PRZOKV83Gsn8ZBwh9JYmypzrKU8zrPsR0TtsBWaOJjd5vpV5M7/V/c:0ZTd+nJYJzrn+rgeeWaOJjd5vpVC6
Score

3^/10
behavioral7 behavioral8
- Target
  
  empyrean-main/src/components/browsers.py
- Size
  
  16KB
- MD5
  
  1fa5ec2594e7dc5ba902baa17c26c396
- SHA1
  
  9cc476e8f5068edde04fb74b8d553b9920bb7e22
- SHA256
  
  fcc7ce278bc39a6f36772e45ca5a9c52bc1457bbcb451587c8812fe090fe0e37
- SHA512
  
  57ff299400b36ad38fb04728c6416c3b45decc88f6258a5df66bf6bd388575c7ccee5837e0903f44bfb90ff319a9bf6cee046ea316a8f50f365e9418e888b922
- SSDEEP
  
  384:ljE+Bs45wvwmzwCN903g6YeNlO3+B73Rk:BE+SYrCN903g6PNlO3+B7K
Score

3^/10
behavioral10 behavioral9
- Target
  
  empyrean-main/src/components/discordtoken.py
- Size
  
  17KB
- MD5
  
  c3d9cbff92171f3004bb29fc5c8e0d49
- SHA1
  
  972e9a36b103a7c41a26d7f1817ffeeff8dbfb3c
- SHA256
  
  18df4cedcec576281fa110f1597b8c300a6d8915fb34a05616b92ce00a1108ce
- SHA512
  
  3ba2c6a271cec1b7988f39aa43358bb2fdcf7581dfbbca55adc568595995a1388b53a73279833fac747775304d6d58a98b02830082d164ead89cb1a23e3e7de2
- SSDEEP
  
  384:ig9WPIDbhMUN7Qr4cq4cn6vPuk6ii34zSJPuE8q7rqLFBISJ:4Iz7C4F4o6XuVii34zSr8cr8vpJ
Score

3^/10
behavioral11 behavioral12
- Target
  
  empyrean-main/src/components/injection.py
- Size
  
  2KB
- MD5
  
  1bfaa460966bb67499e24c44e2ae4f3f
- SHA1
  
  d79d21cd4518324d0c59fa6e183bc91df1c08433
- SHA256
  
  a9d1ad9132081e78a68e9bc71d315b74b4005f67e2667dc933db2be79e297e6c
- SHA512
  
  6e1fe9f8a5359abb7409f5b6177908968d5714dabb6e647b7a63c88ae02f06d7c16acb13895d896688ca4558ee64f2f80f2b02ec37879bd5b4b4bd7b5c66221f
Score

3^/10
behavioral13 behavioral14
- Target
  
  empyrean-main/src/components/startup.py
- Size
  
  1KB
- MD5
  
  d17d405ca05de43451c90ed876382851
- SHA1
  
  5d79d59b7c7d84da78b16c3b11ccc329a85974c6
- SHA256
  
  e93db849ec64a2c100f7d07bb1267edb96177b4097573796213fe19623b85e57
- SHA512
  
  7e2f8325cae28528d84fe1967ded6375d8b581d99a93d5b2dbae8f7a7af03c60cadacd21bd0d29771ccb0dc438e5aac30321f251db44124ab841f267a0ff887b
Score

3^/10
behavioral15 behavioral16
- Target
  
  empyrean-main/src/components/systeminfo.py
- Size
  
  6KB
- MD5
  
  2737cd3bd851c13c1c5c651e045e75d7
- SHA1
  
  828797243a9051d1461abebb90e162bd192f2c8a
- SHA256
  
  6689a267860ff5972229c33934af6356b4828b05ae214d2024f62bd113916a4a
- SHA512
  
  01d7b0e9c77585e08516c2443797f77c45db861a23f38fccad80036fe3f3ba270add2946317ef5405c608c2f8628910cf38c511cc8d7e94987730e3fe8f71e10
- SSDEEP
  
  96:o62a5Q8kjqXmBHyCOMLdpvlGa4sVV2iHxhwqf+zadcTP9eTnSIf:PQRy4Tka/T2UIzaaL9erj
Score

3^/10
behavioral17 behavioral18
- Target
  
  empyrean-main/src/config.py
- Size
  
  197B
- MD5
  
  f9db0f9a37e5d0b737dd22c3a0473d6d
- SHA1
  
  21b489d27337761e2dd5d6c50f4114ad73777800
- SHA256
  
  dc3606aa2b6342da0fe23a0a5859cf2f2be3d4bc0ec49f0dd4c79201db68c541
- SHA512
  
  12b32a522d848c76b984182f9827d22aea2e7c282b0f03db7b5d78e121157de6b67ee0e6031a44067c59efa146f1d5515514f9e27232778a56720582b7ec7d1d
Score

3^/10
behavioral19 behavioral20
- Target
  
  empyrean-main/src/main.py
- Size
  
  848B
- MD5
  
  c7e2a6f36eead941802e707eb246da84
- SHA1
  
  4406272e8c7a9b8cb5684373c43f3368b2cb44dd
- SHA256
  
  eff558ffa171814712d1605c72fe8eba833f1682ef7efc8285dcf5303f4c5f41
- SHA512
  
  a6191c28c66c9c33d7bf070b36b5cb6ace45e06593cf4368cfd60e10a28bc846100be7efa025e1e12f5b4c3e0217ae5ec185142d1a4ea5db7aa1a5d585afdbeb
Score

3^/10
behavioral21 behavioral22

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

discoverypersistence

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22