General

  • Target

    GalacticShooter.exe

  • Size

    60.9MB

  • Sample

    231118-yktnnsgd2s

  • MD5

    348817e2cd41f94fa3e83168a9beffe8

  • SHA1

    1f117df6517052565996dcd001da3a682a8a4b4d

  • SHA256

    95b2a648c298d795cc7664e293ee00c29076b76ab4cf6fb99a11fbf00fd25633

  • SHA512

    9c12d0cfcf97578da3b7c68b2f7c57494e86e2310ae5f753d54be349ebe67fd15efca225ba85d98b6e907dbc324dd484a4a5392ff0f248fbf28639d434d1529d

  • SSDEEP

    1572864:vm6CJMZau6JCwH8JiJK9Uvi8wI4kbLoXKrshom3/bIGlagh:e6CJGcZH8BianJwU6pm35lagh

Score
10/10

Malware Config

Targets

    • Target

      GalacticShooter.exe

    Score
    10/10
    • Detects EpsilonStealer ASAR

    • Epsilon Stealer

      Information stealer.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution so the stealer stays inactive in excluded regions.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers routinely harvest browser profile data, which can include saved credentials, cookies and session tokens.

    • Looks up external IP address via web service

      Queries a legitimate IP lookup service to learn the infected system's external IP address, typically for victim tagging or geolocation.
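
The first signature fires on an ASAR archive, the container Electron uses to ship an application's JavaScript, so the next triage step is to pull app.asar out of the dropped files and read the bundled scripts rather than the 60 MB launcher. What follows is an added example, not code from this report, from Triage or from the malware: a minimal, bounds-checked ASAR reader plus a string grep over the embedded files for the behaviours listed above (browser profile paths, IP lookup hosts). It runs offline on a constructed archive built inline by build_asar; the file names and contents in SAMPLE_ARCHIVE are invented for illustration and are not the real sample's.

```python
"""Minimal reader for Electron ASAR archives (added example, not the report's code).

On-disk layout (Chromium Pickle framing, little-endian):

    offset 0   uint32  4                 size of the field that follows
    offset 4   uint32  header_size       byte length of the header pickle
    offset 8   uint32  header_size - 4   pickle payload length
    offset 12  uint32  json_len          length of the JSON header string
    offset 16  bytes   JSON header, zero-padded to a 4-byte boundary
    offset 8 + header_size: file contents, concatenated; each file's
               "offset" in the JSON is relative to this point
"""
from dataclasses import dataclass
from typing import Optional
import json
import struct


@dataclass
class AsarEntry:
    path: str
    size: int
    offset: Optional[int]  # None when the file is "unpacked" (stored beside the archive)


def parse_asar(buf: bytes):
    """Return (data_base, entries) or raise ValueError for a malformed archive.

    A hostile sample controls the header, so every length is validated before
    use instead of being trusted the way Electron's own loader does."""
    if len(buf) < 16:
        raise ValueError("too short to be an ASAR archive")
    pickle_size, header_size = struct.unpack_from("<II", buf, 0)
    if pickle_size != 4 or header_size < 8 or 8 + header_size > len(buf):
        raise ValueError("bad ASAR size header")
    payload_size, json_len = struct.unpack_from("<II", buf, 8)
    if payload_size != header_size - 4 or json_len + 4 > payload_size:
        raise ValueError("bad ASAR header pickle")
    try:
        header = json.loads(buf[16:16 + json_len])
    except ValueError as exc:
        raise ValueError(f"ASAR header is not JSON: {exc}") from None
    base = 8 + header_size
    entries = []

    def walk(node: dict, prefix: str) -> None:
        for name, meta in node.get("files", {}).items():
            path = f"{prefix}/{name}" if prefix else name
            if "files" in meta:          # directory node
                walk(meta, path)
            elif "link" in meta:         # symlink entry, nothing embedded
                continue
            else:
                off = None if meta.get("unpacked") else int(meta.get("offset", 0))
                entries.append(AsarEntry(path, int(meta.get("size", 0)), off))

    walk(header, "")
    return base, entries


def read_entry(buf: bytes, base: int, entry: AsarEntry) -> bytes:
    """Slice one embedded file out, refusing offsets that run past the archive."""
    if entry.offset is None:
        raise ValueError(f"{entry.path} is unpacked; look in app.asar.unpacked")
    start = base + entry.offset
    end = start + entry.size
    if entry.offset < 0 or entry.size < 0 or end > len(buf):
        raise ValueError(f"{entry.path}: offset/size point outside the archive")
    return buf[start:end]


def grep_entries(buf: bytes, needles) -> list:
    """Paths of embedded files whose content contains any of the byte needles."""
    base, entries = parse_asar(buf)
    hits = []
    for e in entries:
        if e.offset is None:
            continue
        if any(n in read_entry(buf, base, e) for n in needles):
            hits.append(e.path)
    return hits


def build_asar(files: dict) -> bytes:
    """Build an archive from {path: content}; only here to give the example a
    constructed sample to run on offline (the asar CLI does this for real apps)."""
    header = {"files": {}}
    blob = bytearray()
    for path, data in files.items():
        node = header["files"]
        *dirs, name = path.split("/")
        for d in dirs:
            node = node.setdefault(d, {"files": {}})["files"]
        node[name] = {"size": len(data), "offset": str(len(blob))}
        blob += data
    js = json.dumps(header).encode()
    payload = struct.pack("<I", len(js)) + js + b"\0" * ((-len(js)) % 4)
    header_pickle = struct.pack("<I", len(payload)) + payload
    return struct.pack("<II", 4, len(header_pickle)) + header_pickle + bytes(blob)


# Constructed stand-in for a stealer's app.asar; names and contents are invented.
SAMPLE_ARCHIVE = build_asar({
    "package.json": b'{"name":"game","main":"main.js"}',
    "main.js": b"require('./src/collect');",
    "src/collect.js": b"const db = path.join(LOCAL, 'Google/Chrome/User Data/Default/Login Data');",
})

if __name__ == "__main__":
    base, entries = parse_asar(SAMPLE_ARCHIVE)
    for e in entries:
        print(f"{e.size:6d}  {e.path}")
    print("touches browser profile data:", grep_entries(SAMPLE_ARCHIVE, [b"Login Data"]))
```

On a real dropped app.asar, pass the file bytes to parse_asar and grep for the strings you expect from the report (browser profile paths, the hostname of the IP lookup service seen in the network capture); entries marked unpacked live in the sibling app.asar.unpacked directory and need to be collected separately.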

MITRE ATT&CK Enterprise v15

Tasks