epsilon | 65d38305a8b68c0a00cb7133612777acd4cc9f4c2e770cf4adbf392172a32227 | Triage

Resubmissions

18-07-2023 14:28

230718-rs27fsca5y 10

Sharing

General

Target

ExtremeInvaders.zip
Size

28.4MB
Sample

230718-rs27fsca5y
MD5

590bcc1141980f3c51d8e562f17e1961
SHA1

a550ad54647cda7ea50f4e2de8d2433345a8fcb1
SHA256

65d38305a8b68c0a00cb7133612777acd4cc9f4c2e770cf4adbf392172a32227
SHA512

d691d8fc5252bd8fdb8e8905f8e95849c4024ad74b5ff1aaa449a4ed463592cb3897ddc931d236449b57cadfd03552d042b035606ea33fd743b49283b1b7371d
SSDEEP

786432:QGWuF+BHJe5XSzb4wga/CHIvksNwfjZaRoSqGJEGvvNan21h8K:QFuF+t8XbOkSqGJEavB1h8K

Score

10^/10

epsilon spyware stealer

Malware Config

Targets

- Target
  
  ExtremeInvaders.exe
- Size
  
  651KB
- MD5
  
  b746ec336a45656a92d61da9c3816b05
- SHA1
  
  28f48c6dcccedd34f4b7dca393a0aba446f0d3f4
- SHA256
  
  4c48c5a35cf17c0fb3c05864681f7ed59728b7a51cd87940e92136e99ef4ac13
- SHA512
  
  a33b11f03ab250096f427824b3c5bfe0a384dfd1aca7f25b487d90a3b189879b3d08133d5007c2f30a1394fc2695bae591f38de0905ae96e6ef16141ae183b72
- SSDEEP
  
  3072:JQJ/VdFgIW9mYucJ/OD8JlsI90TIC7G2E1:a/7FG9mpcJ/OD8h/
Score

10^/10

epsilon spyware stealer
- Detects EpsilonStealer ASAR
- Epsilon Stealer
  Information stealer.
  stealer epsilon
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  ExtremeInvaders_Data/Plugins/x86_64/KS_Diagnostics_Process.dll
- Size
  
  4.9MB
- MD5
  
  9ffd4b950fef075cdc7059c0c7a7c202
- SHA1
  
  b043a1d763b6fd943bd5ffd3526566105b34c9f9
- SHA256
  
  7f3a6750ad394103070c8370b4b3b96ff93dc7a2a7da543f60b3029f6a73fa8a
- SHA512
  
  a2dcbb96007c4e176da08ad92b5b14713abdcbc6007bb856297b6d926e16de1d81fc05b3f6a3d0749c07d7a3ad8f57ee011d3baa0b10e05f001de5d4d92356a5
- SSDEEP
  
  49152:ZIW2dGyJkJUkjvR3SGa2MV/b2ecedRIRPCW3+fJI6F38984JFynbdyO+BvjP:7O0iMMVHdRIRPCSghnbdyO+xP
Score

3^/10
behavioral3 behavioral4
- Target
  
  ExtremeInvaders_Data/Plugins/x86_64/lib_burst_generated.dll
- Size
  
  2KB
- MD5
  
  f7ad0700084409896aeee0bf2ec1f2af
- SHA1
  
  dbcb936b388ab2c7b4eaa67bee9adfab19b9de28
- SHA256
  
  abd41b363480db2f640b72afed7faaf282bd46f73ea641b2dec91eb95e62dd50
- SHA512
  
  5a437872893f07a7170b6f9dad9619d4e62a2523fc5daed1e2f8a5679a22bc20523a0a10874dc2fe413bbfac134576afe0c798f10ee31183db4e1896e1094954
Score

1^/10
behavioral5 behavioral6
- Target
  
  GameAssembly.dll
- Size
  
  17.0MB
- MD5
  
  18104a476685582fa374bdf4cd8756b5
- SHA1
  
  b95e0c25707a522d4749888ac6415e8a7826080d
- SHA256
  
  6c35f2a0db92f4530f7f1c410da069400f2525b17b44bdc9637f68463cfc7b43
- SHA512
  
  192f82082079715a3488668bb8e6a09bc50885f48048e7d328cb727acfa2b241eed7b212ed97409c93c060a574a3decf59f5dbc87f186bc663899076b1bccf51
- SSDEEP
  
  196608:Dpb9YOta6Kfe1gQi5LTdMGYt/xIoto6ZZSQMdSVGnbfGPd4zD:DJta6Kfe1gQgLWGA/xIotoOrMsVGqa
Score

3^/10
behavioral7 behavioral8
- Target
  
  UnityCrashHandler64.exe
- Size
  
  1.1MB
- MD5
  
  c7afdd3e48d4d31cc7337ec2a53ec5dd
- SHA1
  
  3981b342546213de90e41cc74130b0996b9029d9
- SHA256
  
  b528ea6324f2a97898b653b1c550087512e2082b09328b31ed2aefb2958359cf
- SHA512
  
  2034f906fe5a448314a83739546f9343424adbc9c4b4c384d32ba004807f39c9d3efe4ca0ed05050eb00bc382838d7bffc9c9577d2acf78b4b0b2a449901bcda
- SSDEEP
  
  12288:hPkm+MFJ2TSUdkskXepg6p9GjKzf2ucKwqoQofpPkEQfz2fzAS:hPkm+42zmSp9GjKTPPYpMz+zAS
Score

1^/10
behavioral10 behavioral9
- Target
  
  UnityPlayer.dll
- Size
  
  28.9MB
- MD5
  
  a1887eb6457ca7291bb75e4588a346ce
- SHA1
  
  099022a075947a6d8fb71eacff77210140e16e77
- SHA256
  
  3b8c150a87e59d29bfddd6e8e2cebe3623ee12b81f60a8f3a8b559473bf81433
- SHA512
  
  fb175f58e11ff99d6d9ad2e830e41f4b515c6fc12a71b3b152926c8e00d6f8acbcc4b6d2b19b21ade7131ad08ca021a43ad6d62d332422855eb2ea494f198334
- SSDEEP
  
  393216:7lYthjP874xerakD/YhmYq+qxHAVYFLyguFwebaLD:7Eal4Nb+D
Score

1^/10
behavioral11 behavioral12
- Target
  
  baselib.dll
- Size
  
  409KB
- MD5
  
  2b4c7a7fbf24865ad22e87558f0ab37f
- SHA1
  
  a86dbe84380585dd398ffbbca303857bdd03fab9
- SHA256
  
  65344274e68661d40c045ce9b0de74c6ad18dd800af56a358a0a9bd1670a27a4
- SHA512
  
  e77159c64c2606ce4c749bf0240ed217653ed6eee44a17161e1c9a291393accb38453cc7228a4f59c6b0cc1084d8e65c6400d9e1cfa25e6e226b7ad45f4f6414
- SSDEEP
  
  6144:sjk5dSv+prhS0HxBnfBRsdgVStUgQdXEqkKa92xQd1D3pe44KFOFEjGbspp:yk5dSGpl10dqStAQKa92x4JsEI+p
Score

3^/10
behavioral13 behavioral14

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Process Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

epsilonspywarestealer

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14