empyrean | loader_7[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

loader_7.exe
Size

18.2MB
MD5

1515da048bc5f1f4caa2daac8c2e331c
SHA1

83af385ae39552032e1b4b2d80e3f3ad83a3168d
SHA256

fe8659314e08391b4019adca01a74991a7fa8e02b7c3896eee74b234c41cf12d
SHA512

e3c5f7706e1530ced6554cc87d617f4412a04c272ee6589ff0f7840315d98be4841aa5ff176c43d40e99b9bf1a59beba0aa5d1db2b704ca5bc02fa7d9ff5168e
SSDEEP

393216:PqPnLFXlrWTugQpDOETgs6rfGMwVgNlq5AvE7g3+ZKLYq:iPLFXNa7QoEH2G50KYB

Score

10^/10

empyrean

Malware Config

Signatures

Detects Empyrean stealer 1 IoCs

resource	yara_rule
static1/unpack001/main.pyc	family_empyrean

Empyrean family
empyrean

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
loader_7.exe

Files

loader_7.exe
.exe windows:5 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

xxx1
Size: - Virtual size: 216KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

xxx2
Size: 125KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
main.pyc