epsilon | c071c0232917e0234be096d059852c6e35d27b2d9515b712907c8d16837506d0 | Triage

Sharing

General

Target

GalacticFortress.zip
Size

28.4MB
Sample

230521-abnt3ahh7s
MD5

11d258506fb97c6b87bd695fb42c4802
SHA1

1271d30c37103c919e5a643386ebcf71a3868b2b
SHA256

c071c0232917e0234be096d059852c6e35d27b2d9515b712907c8d16837506d0
SHA512

2aa769677e8684826a38038b5be612d9299eacd7e2233b723b2f6778d7f6371c260edccb243f6013276ad1ee317679ba450302e684f770622f7cd22c8d762855
SSDEEP

786432:4s+yHJe5X2IghXUfa0JgrnPejZaRoSqGJEGvvNan21h8j:Z+C8X8hXX0arngSqGJEavB1h8j

Score

10^/10

epsilon spyware stealer

Malware Config

Targets

- Target
  
  GalacticFortress.exe
- Size
  
  651KB
- MD5
  
  b746ec336a45656a92d61da9c3816b05
- SHA1
  
  28f48c6dcccedd34f4b7dca393a0aba446f0d3f4
- SHA256
  
  4c48c5a35cf17c0fb3c05864681f7ed59728b7a51cd87940e92136e99ef4ac13
- SHA512
  
  a33b11f03ab250096f427824b3c5bfe0a384dfd1aca7f25b487d90a3b189879b3d08133d5007c2f30a1394fc2695bae591f38de0905ae96e6ef16141ae183b72
- SSDEEP
  
  3072:JQJ/VdFgIW9mYucJ/OD8JlsI90TIC7G2E1:a/7FG9mpcJ/OD8h/
Score

10^/10

epsilon spyware stealer
- Detects EpsilonStealer ASAR
- Epsilon Stealer
  Information stealer.
  stealer epsilon
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2
- Target
  
  GalacticFortress_Data/Plugins/x86_64/KS_Diagnostics_Process.dll
- Size
  
  4.9MB
- MD5
  
  9ffd4b950fef075cdc7059c0c7a7c202
- SHA1
  
  b043a1d763b6fd943bd5ffd3526566105b34c9f9
- SHA256
  
  7f3a6750ad394103070c8370b4b3b96ff93dc7a2a7da543f60b3029f6a73fa8a
- SHA512
  
  a2dcbb96007c4e176da08ad92b5b14713abdcbc6007bb856297b6d926e16de1d81fc05b3f6a3d0749c07d7a3ad8f57ee011d3baa0b10e05f001de5d4d92356a5
- SSDEEP
  
  49152:ZIW2dGyJkJUkjvR3SGa2MV/b2ecedRIRPCW3+fJI6F38984JFynbdyO+BvjP:7O0iMMVHdRIRPCSghnbdyO+xP
Score

3^/10
behavioral3 behavioral4
- Target
  
  GalacticFortress_Data/Plugins/x86_64/lib_burst_generated.dll
- Size
  
  2KB
- MD5
  
  ca549e95ebe2512f708036337e872d3f
- SHA1
  
  67aa2951be358ffd1be6f6d40635ebcd22d356af
- SHA256
  
  4e3e57f6404f59416a24a556073557f466d928bb79ffd8f1ba46f0b18b91ff8f
- SHA512
  
  81c4432750a9c113288e50bdbdc12d53d974a77864d43eb043aa946403d2bb2fbdf1a6c0293ee2a6cbdba7015420bc4ba7b1299dc10d37b5148daac89629ffde
Score

1^/10
behavioral5 behavioral6
- Target
  
  GameAssembly.dll
- Size
  
  17.0MB
- MD5
  
  fec3d91ab202e5e2329f5b2aaa154b39
- SHA1
  
  0253616e175325a0797dbe7b49395bc67f74abd9
- SHA256
  
  a539b80bd85c3a48da5f9893056079bc98dbba57f1948785429056d0fd9b64c0
- SHA512
  
  ea90811b1e67e7f413d35b1785387679edd73ca1173c622f3ed7b546d408efd69306f86c079013facbe4a21ae8d9f1f987ac59fa33d2979c843f19ff8e181e28
- SSDEEP
  
  196608:7pb9EOzN6Kfe1gIWtIeQzGtfRPqocIC6pO4nWNVGnbfG8d4zD:7FzN6Kfe1gIwIRGxRPqocIJTngVGqV
Score

3^/10
behavioral7 behavioral8
- Target
  
  UnityCrashHandler64.exe
- Size
  
  1.1MB
- MD5
  
  c7afdd3e48d4d31cc7337ec2a53ec5dd
- SHA1
  
  3981b342546213de90e41cc74130b0996b9029d9
- SHA256
  
  b528ea6324f2a97898b653b1c550087512e2082b09328b31ed2aefb2958359cf
- SHA512
  
  2034f906fe5a448314a83739546f9343424adbc9c4b4c384d32ba004807f39c9d3efe4ca0ed05050eb00bc382838d7bffc9c9577d2acf78b4b0b2a449901bcda
- SSDEEP
  
  12288:hPkm+MFJ2TSUdkskXepg6p9GjKzf2ucKwqoQofpPkEQfz2fzAS:hPkm+42zmSp9GjKTPPYpMz+zAS
Score

1^/10
behavioral10 behavioral9
- Target
  
  UnityPlayer.dll
- Size
  
  28.9MB
- MD5
  
  a1887eb6457ca7291bb75e4588a346ce
- SHA1
  
  099022a075947a6d8fb71eacff77210140e16e77
- SHA256
  
  3b8c150a87e59d29bfddd6e8e2cebe3623ee12b81f60a8f3a8b559473bf81433
- SHA512
  
  fb175f58e11ff99d6d9ad2e830e41f4b515c6fc12a71b3b152926c8e00d6f8acbcc4b6d2b19b21ade7131ad08ca021a43ad6d62d332422855eb2ea494f198334
- SSDEEP
  
  393216:7lYthjP874xerakD/YhmYq+qxHAVYFLyguFwebaLD:7Eal4Nb+D
Score

1^/10
behavioral11 behavioral12
- Target
  
  baselib.dll
- Size
  
  409KB
- MD5
  
  2b4c7a7fbf24865ad22e87558f0ab37f
- SHA1
  
  a86dbe84380585dd398ffbbca303857bdd03fab9
- SHA256
  
  65344274e68661d40c045ce9b0de74c6ad18dd800af56a358a0a9bd1670a27a4
- SHA512
  
  e77159c64c2606ce4c749bf0240ed217653ed6eee44a17161e1c9a291393accb38453cc7228a4f59c6b0cc1084d8e65c6400d9e1cfa25e6e226b7ad45f4f6414
- SSDEEP
  
  6144:sjk5dSv+prhS0HxBnfBRsdgVStUgQdXEqkKa92xQd1D3pe44KFOFEjGbspp:yk5dSGpl10dqStAQKa92x4JsEI+p
Score

3^/10
behavioral13 behavioral14

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

epsilonspywarestealer

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14