epsilon | 136994c5a072a1de00df47a1bf6c34fe2dec4180f7d9856080235966c6d67c5a | Triage

Submit
Reports

Overview

overview

Static

static

1

95b2a648c2...33.exe

windows7-x64

95b2a648c2...33.exe

windows10-2004-x64

Sharing

General

Target

348817e2cd41f94fa3e83168a9beffe8.bin
Size

60.7MB
Sample

231120-b3s4jadb99
MD5

e7f6fe25a795be4b296cff69b902a44d
SHA1

c9a839ecb92d52c8130d2814b87860ba72e72371
SHA256

136994c5a072a1de00df47a1bf6c34fe2dec4180f7d9856080235966c6d67c5a
SHA512

325ae46645dcefdb6d84c1df5a1b4c61bf4f9b2254beb5342fd7492018e9e462e459456c06dd2ed46e3e080fd213a65d6861ae8f832e6ea9a63e7336656af35a
SSDEEP

1572864:OYiw9h8cDtrXg80CE0pS7w4aSQH5UHaHm:OYtpciEWyw5RGaHm

Score

10^/10

epsilon spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

95b2a648c298d795cc7664e293ee00c29076b76ab4cf6fb99a11fbf00fd25633.exe

Resource

win7-20231020-en

epsilon spyware stealer

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

95b2a648c298d795cc7664e293ee00c29076b76ab4cf6fb99a11fbf00fd25633.exe

Resource

win10v2004-20231023-en

epsilon spyware stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  95b2a648c298d795cc7664e293ee00c29076b76ab4cf6fb99a11fbf00fd25633.exe
- Size
  
  60.9MB
- MD5
  
  348817e2cd41f94fa3e83168a9beffe8
- SHA1
  
  1f117df6517052565996dcd001da3a682a8a4b4d
- SHA256
  
  95b2a648c298d795cc7664e293ee00c29076b76ab4cf6fb99a11fbf00fd25633
- SHA512
  
  9c12d0cfcf97578da3b7c68b2f7c57494e86e2310ae5f753d54be349ebe67fd15efca225ba85d98b6e907dbc324dd484a4a5392ff0f248fbf28639d434d1529d
- SSDEEP
  
  1572864:vm6CJMZau6JCwH8JiJK9Uvi8wI4kbLoXKrshom3/bIGlagh:e6CJGcZH8BianJwU6pm35lagh
Score

10^/10

epsilon spyware stealer
- Detects EpsilonStealer ASAR
- Epsilon Stealer
  Information stealer.
  stealer epsilon
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

epsilonspywarestealer

behavioral2

epsilonspywarestealer

© 2018-2025

Terms | Privacy