Overview

overview

10

Static

static

3

PronoteAPI.exe

windows7-x64

10

PronoteAPI.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    PronoteAPI.exe

  • Size

    61.9MB

  • Sample

    230605-241swabf7v

  • MD5

    a6c46cd6e71a92aa2efe4739e810c555

  • SHA1

    ada34734ade0ad42e1f065d7c8c8bd5de95126c9

  • SHA256

    2f893fc5fe9c4c59d0e2f56b4cf8c1466c5d095a9b1211679079c952ccc27b0f

  • SHA512

    80bf51ed9c9d8bac69804f29bd28c4496b9c8cfd7475ee33555840c36fab7411a32121fb852429df34c240f97013af5d885ed36b2f0355b101c1d2ec714c4b98

  • SSDEEP

    1572864:Lm63CTpunHicKw+V9kulozpfHatc6FHQQWo0Rs7:C63xHZKw+UuOVStc4QQWBRs7

Score
10/10
epsilonspywarestealer

Malware Config

Targets

    • Target

      PronoteAPI.exe

    • Size

      61.9MB

    • MD5

      a6c46cd6e71a92aa2efe4739e810c555

    • SHA1

      ada34734ade0ad42e1f065d7c8c8bd5de95126c9

    • SHA256

      2f893fc5fe9c4c59d0e2f56b4cf8c1466c5d095a9b1211679079c952ccc27b0f

    • SHA512

      80bf51ed9c9d8bac69804f29bd28c4496b9c8cfd7475ee33555840c36fab7411a32121fb852429df34c240f97013af5d885ed36b2f0355b101c1d2ec714c4b98

    • SSDEEP

      1572864:Lm63CTpunHicKw+V9kulozpfHatc6FHQQWo0Rs7:C63xHZKw+UuOVStc4QQWBRs7

    Score
    10/10
    epsilonstealerspyware

    • Detects EpsilonStealer ASAR

    • Epsilon Stealer

      Information stealer.

      stealerepsilon

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks