General

  • Target: WindowsBootManager.zip
  • Size: 60.2MB
  • Sample: 230520-w24h4agf8y
  • MD5: 0356cd37d01e25f3fc3d2b0945d04793
  • SHA1: 027017e55a10a23c40616b5ef7ce6f290787b135
  • SHA256: 384d603f078ad87eb2159fa2a3989dfeaf1cd0dd6d224b0aac5f3e97ba39844e
  • SHA512: f1baa03debc25192a960ff31937dedc40b728a168717bcb19fa28df1e66d022e2fa7a43190e48a148847fe07f741c8131bf3c97ef3c202456da10539e8728695
  • SSDEEP: 786432:ravyqjtvARFM7A6jsac8AjzzlsIQvq08kBjL+AFzY64n1vp3bFBCHhr5Uqafsi+g:wtveU4nlzzlsnJBnNK1l5GKq/OtrB3

Score
10/10

Malware Config

Targets

    • Target: WindowsBootManager.exe
    • Size: 60.2MB
    • MD5: ed0cbfe6ff99de9c62d2abef109a7cf5
    • SHA1: 9446fb676ee4e3a58382d8bbeeddb6c6a24655d8
    • SHA256: 9df737f389157996499dbf4d942c0f52457abc7aa3d5df647b81f7a94ba56b66
    • SHA512: f38abe7371278e02ab983c34614808153b20a46096f7131fe0140d87aab140f59ada5ef0a953096783dd731fa96977a502854451bf2e5e15d6b7e3178e3ce8e6
    • SSDEEP: 786432:javyqjtvARFM7A6jsac8AjzzlsIQvq08kBjL+AFzY64n1vp3bFBCHhr5Uqafsi+4:YtveU4nlzzlsnJBnNK1l5GKq/OtrB7

    Score
    10/10

    • Detects EpsilonStealer ASAR

    • Epsilon Stealer

      Information stealer.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks