epsilon | d4524f9c529ffd945c789b8379116b8bb6227de2ffa045729f47a4131f3d5cfb | Triage

Submit
Reports

Overview

overview

Static

static

3

RabbitCheecks.exe

windows7-x64

RabbitCheecks.exe

windows10-1703-x64

RabbitCheecks.exe

windows10-2004-x64

Sharing

General

Target

RabbitCheecks.exe
Size

61.9MB
Sample

230716-hej92sde91
MD5

89e6f4c3a4dcc1c9058503a4e7d12da8
SHA1

10bfead0543c1dbb180c3d8008d937730e2b93a0
SHA256

d4524f9c529ffd945c789b8379116b8bb6227de2ffa045729f47a4131f3d5cfb
SHA512

bcc77ba4c2dd79faec3cf1ef73306cdcab539b44def8b8977090335a6544e0fe0dfb5dd176fa9597aaa761bc8d784c0408226f38a20326bd778088be114a8e00
SSDEEP

1572864:nm63awNI6DvUbKHV3rPWeroWc3bMw3u1QiUW7:m63REKHVbPW9WYbr/W7

Score

10^/10

epsilon spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

RabbitCheecks.exe

Resource

win7-20230712-en

epsilon spyware stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

RabbitCheecks.exe

Resource

win10-20230703-en

epsilon spyware stealer

windows10-1703-x64

12 signatures

150 seconds

Behavioral task

behavioral3

Sample

RabbitCheecks.exe

Resource

win10v2004-20230703-en

epsilon spyware stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  RabbitCheecks.exe
- Size
  
  61.9MB
- MD5
  
  89e6f4c3a4dcc1c9058503a4e7d12da8
- SHA1
  
  10bfead0543c1dbb180c3d8008d937730e2b93a0
- SHA256
  
  d4524f9c529ffd945c789b8379116b8bb6227de2ffa045729f47a4131f3d5cfb
- SHA512
  
  bcc77ba4c2dd79faec3cf1ef73306cdcab539b44def8b8977090335a6544e0fe0dfb5dd176fa9597aaa761bc8d784c0408226f38a20326bd778088be114a8e00
- SSDEEP
  
  1572864:nm63awNI6DvUbKHV3rPWeroWc3bMw3u1QiUW7:m63REKHVbPW9WYbr/W7
Score

10^/10

epsilon spyware stealer
- Detects EpsilonStealer ASAR
- Epsilon Stealer
  Information stealer.
  stealer epsilon
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Process Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

epsilonspywarestealer

behavioral2

epsilonspywarestealer

behavioral3

epsilonspywarestealer

© 2018-2024

Terms | Privacy