General

  • Target

    GalacticShooter.exe

  • Size

    61.8MB

  • Sample

    230530-x3x85sbd25

  • MD5

    9e8685a5687ecdcca340c120f0504ec1

  • SHA1

    c8261b0ac6d5ea4b1b16de8e58f73a8307d24949

  • SHA256

    a2077125de69b773350e3d1875f71d5433d85bcaa4f1fccce75a59a78cfef668

  • SHA512

    e2ea26bad68e717bfee78a7913f3ab1284c8b89a6c75cfc9f50f02ffdfa21653f209ed072b1fb31429b7cc8413c19dc5e34ab10ce0571c0609965d10f824b35c

  • SSDEEP

    1572864:JtveqM8531VcinHaBHNYV6vSAuZ8F0Po7:Jl/pFbnq6xbPo7

Score
10/10

Malware Config

Targets

    • Detects EpsilonStealer ASAR

    • Epsilon Stealer

      Information stealer.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks