General

  • Target

    GalacticShooter.exe

  • Size

    61.9MB

  • Sample

    230707-jvzkcafg87

  • MD5

    9055bc76b2d32777240302fdba8fd7e9

  • SHA1

    64e65966248599ed99551acdbbcc211bde9f706b

  • SHA256

    195d6b8bc28e7538f5ecc9efeb99383477df1ceb8f61915a43bd8afb912533a8

  • SHA512

    30602ce06b29f56922e290871dcb092614083a1427c6447450f18494c53493d71b828699ecdea1bf60d3772ababa7e8a36b69a5d55aa361953ca62fac9e95ede

  • SSDEEP

    1572864:em6hRq9G1PzH8JiJK9Uvi8wI4kbLoXKrshom3/bIGlagB7:V6hMOLH8BianJwU6pm35lagB7

Score
10/10

Targets

    • Target

      GalacticShooter.exe

    • Detects EpsilonStealer ASAR

      Signature match on an Electron ASAR application archive bundled with the sample; Electron apps package their JavaScript and assets in this format, so the stealer's logic lives inside that archive rather than in native code.

    • Epsilon Stealer

      Information stealer.

    • Checks computer location settings

      Reads the country code configured in the registry, likely as a geofence check so the stealer can avoid running on systems in certain regions.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser data, which can include saved credentials, cookies and session tokens.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
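The "Detects EpsilonStealer ASAR" signature means the analyst's next step is usually to pull the Electron ASAR archive out of the sample and read the packaged JavaScript. The following is an added example, not code from this report, from Triage, or from the Epsilon Stealer authors: a minimal reader for the ASAR layout (a size Pickle, a header Pickle carrying the JSON directory, then the file contents back to back). The `build_asar` helper exists only to construct test input, the `find_asar` locator is a heuristic that assumes the archive is embedded uncompressed, and the file names in the sample are made up.

```python
import json
import struct

ASAR_JSON_MARK = b'{"files":'   # start of the ASAR directory JSON; ASAR has no real magic


def build_asar(files):
    """Pack a flat {name: bytes} mapping into a minimal ASAR archive.

    Constructed here only to give the functions below something to run on;
    it follows the layout written by Electron's asar tool: a size Pickle,
    a header Pickle holding the JSON directory (uint32 length, string padded
    to 4 bytes), then the file contents concatenated in order.
    """
    header = {"files": {}}
    blob = bytearray()
    for name, data in files.items():
        header["files"][name] = {"size": len(data), "offset": str(len(blob))}
        blob += data
    js = json.dumps(header).encode()
    padded = js + b"\0" * (-len(js) % 4)
    header_pickle = struct.pack("<II", 4 + len(padded), len(js)) + padded
    size_pickle = struct.pack("<II", 4, len(header_pickle))
    return bytes(size_pickle + header_pickle + blob)


def find_asar(blob):
    """Heuristic locator (assumption: the archive is embedded uncompressed).

    Looks for the directory JSON, steps back 16 bytes to the size Pickle and
    accepts the candidate only if the three length fields agree.
    """
    pos = blob.find(ASAR_JSON_MARK)
    while pos >= 0:
        cand = pos - 16
        if cand >= 0:
            pickle_len, header_size, payload, json_len = struct.unpack_from("<IIII", blob, cand)
            if pickle_len == 4 and payload + 4 == header_size and json_len <= payload - 4:
                return cand
        pos = blob.find(ASAR_JSON_MARK, pos + 1)
    return None


def parse_asar(buf, offset=0):
    """Return {path: bytes} for every packed file in the ASAR at buf[offset:]."""
    pickle_len, header_size, _payload, json_len = struct.unpack_from("<IIII", buf, offset)
    if pickle_len != 4:
        raise ValueError("not an ASAR archive: bad size pickle")
    header = json.loads(bytes(buf[offset + 16:offset + 16 + json_len]))
    base = offset + 8 + header_size       # file data starts right after the header pickle
    entries = {}

    def walk(node, prefix):
        for name, meta in node["files"].items():
            path = prefix + name
            if "files" in meta:               # directory node
                walk(meta, path + "/")
            elif "offset" in meta:            # "unpacked" entries carry no offset
                start = base + int(meta["offset"])
                entries[path] = bytes(buf[start:start + meta["size"]])

    walk(header, "")
    return entries


if __name__ == "__main__":
    # Constructed stand-in for a carved blob: junk, then a two-file ASAR, then padding.
    archive = build_asar({"package.json": b'{"main":"main.js"}', "main.js": b"console.log(1)\n"})
    carved = b"\x90" * 100 + archive + b"\x00" * 20
    at = find_asar(carved)
    for path, data in parse_asar(carved, at).items():
        print(f"{path:<16} {len(data):>6} bytes")
```

On a real sample the archive is often inside an installer payload or a `resources/app.asar` written to disk at run time, so carve or collect that file first and then point `parse_asar` at it; the locator only helps when the bytes are present uncompressed.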
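Each of the last three behaviours (location check via the registry, reading browser profile data, external IP lookup through a legitimate service) is unremarkable alone but characteristic of a stealer in combination. The following is an added example, not code from this report or any Triage rule: a small correlator over Sysmon-style endpoint events that tags each behaviour and flags a process that shows at least two of them. The events are constructed, and the registry key, browser file names and IP-lookup domain list are assumptions chosen for illustration rather than anything the report states.

```python
import re

# Images allowed to read their own profile stores; anything else doing so is interesting.
BROWSER_IMAGES = {"chrome.exe", "msedge.exe", "firefox.exe", "brave.exe", "opera.exe"}

# Credential/cookie stores of Chromium- and Firefox-based browsers (assumed file names).
BROWSER_DATA_RE = re.compile(
    r"\\(?:User Data\\[^\\]+\\(?:Login Data|Cookies|Web Data|Local State)"
    r"|Profiles\\[^\\]+\\(?:logins\.json|cookies\.sqlite|key4\.db))$",
    re.IGNORECASE,
)
# Assumed key behind "checks computer location settings": the user's GeoID.
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.IGNORECASE)
# Legitimate "what is my IP" services commonly abused by stealers (assumed list).
IP_LOOKUP_DOMAINS = {
    "api.ipify.org", "ipinfo.io", "ip-api.com",
    "icanhazip.com", "ifconfig.me", "checkip.amazonaws.com",
}

STEALER = r"C:\Users\victim\AppData\Local\Temp\GalacticShooter.exe"   # constructed path
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
SVCHOST = r"C:\Windows\System32\svchost.exe"
LOGIN_DATA = r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"
FF_LOGINS = r"C:\Users\victim\AppData\Roaming\Mozilla\Firefox\Profiles\abcd.default-release\logins.json"

# Constructed Sysmon-like events: (pid, image, event type, target). Not from the report.
SAMPLE_EVENTS = [
    (4120, STEALER, "RegistryQuery", r"HKCU\Control Panel\International\Geo\Nation"),
    (4120, STEALER, "FileRead", LOGIN_DATA),
    (4120, STEALER, "DnsQuery", "api.ipify.org"),
    (2210, CHROME, "FileRead", LOGIN_DATA),          # the browser reading its own store
    (2210, CHROME, "DnsQuery", "www.google.com"),
    (3301, SVCHOST, "RegistryQuery", r"HKCU\Control Panel\International\Geo\Nation"),
    (4120, STEALER, "FileRead", FF_LOGINS),
]


def classify(event):
    """Map one event to a behaviour tag, or None if it is not one we track."""
    _pid, image, kind, target = event
    exe = image.rsplit("\\", 1)[-1].lower()
    if kind == "RegistryQuery" and GEO_KEY_RE.search(target):
        return "geo_check"
    if kind == "FileRead" and BROWSER_DATA_RE.search(target) and exe not in BROWSER_IMAGES:
        return "browser_data_read"
    if kind == "DnsQuery" and target.lower() in IP_LOOKUP_DOMAINS:
        return "external_ip_lookup"
    return None


def correlate(events, threshold=2):
    """Return {pid: sorted behaviour tags} for processes showing >= threshold distinct tags."""
    seen = {}
    for ev in events:
        tag = classify(ev)
        if tag:
            seen.setdefault(ev[0], set()).add(tag)
    return {pid: sorted(tags) for pid, tags in seen.items() if len(tags) >= threshold}


if __name__ == "__main__":
    for pid, tags in correlate(SAMPLE_EVENTS).items():
        print(f"pid {pid}: {', '.join(tags)}")
```

The browser reading its own `Login Data` and a system process querying the locale each produce a single tag, so neither crosses the threshold; the stealer process accumulates all three and is the only one reported. Tune the file-name and domain lists to your telemetry before relying on this in production.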

MITRE ATT&CK Enterprise v6