Overview

overview

10

Static

static

3

TBMSetup (1).exe

windows7-x64

10

TBMSetup (1).exe

windows10-1703-x64

10

TBMSetup (1).exe

windows10-2004-x64

10

Resubmissions

15-07-2023 05:35

230715-gactqsaa3x 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    TBMSetup (1).exe

  • Size

    62.0MB

  • Sample

    230715-gactqsaa3x

  • MD5

    68ae80fbc04643bda4ad8ae47211194c

  • SHA1

    d5fe9032d1d19793610bbed6924a905b7e942d5b

  • SHA256

    962c6df0b8ca065bd5df52e06c744c7795867aaacf856798e78cf27fecf3ea9d

  • SHA512

    2fe4a9d9d60ade96553b0f70407619e6b6ae46420292f7d7aca84ada6cf2bcce06199bbba237fc46d84624651f981f66efa351faf0934eb38d85ddaa111659a6

  • SSDEEP

    1572864:sm6gP4a3CHPRNOMX5bXlaaftMz86vq60E+7:X6g+HPeMX5caGzm60E+7

Score
10/10
epsilonpersistencespywarestealer

Malware Config

Targets

    • Target

      TBMSetup (1).exe

    • Size

      62.0MB

    • MD5

      68ae80fbc04643bda4ad8ae47211194c

    • SHA1

      d5fe9032d1d19793610bbed6924a905b7e942d5b

    • SHA256

      962c6df0b8ca065bd5df52e06c744c7795867aaacf856798e78cf27fecf3ea9d

    • SHA512

      2fe4a9d9d60ade96553b0f70407619e6b6ae46420292f7d7aca84ada6cf2bcce06199bbba237fc46d84624651f981f66efa351faf0934eb38d85ddaa111659a6

    • SSDEEP

      1572864:sm6gP4a3CHPRNOMX5bXlaaftMz86vq60E+7:X6g+HPeMX5caGzm60E+7

    Score
    10/10
    epsilonstealerpersistencespyware

    • Detects EpsilonStealer ASAR

    • Epsilon Stealer

      Information stealer.

      stealerepsilon

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2behavioral3

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Process Discovery

1
T1057

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks