empyrean | 46c1ccf0d7a678f4031b6c288f2794e94d367e0fb716616224da617201a3db1d

General

Target

celex_1.exe
Size

17.7MB
Sample

240212-w4psqace89
MD5

49e1de2d56c99463128cfe77fd9993a4
SHA1

83e662fb7caa3f2dfa2c7413b3ae63a274cfa274
SHA256

46c1ccf0d7a678f4031b6c288f2794e94d367e0fb716616224da617201a3db1d
SHA512

5f4b7f627a23dee802727d75b48a301625ac8240e148f088e81a75f86bb123606e389e1a86104801a99838d71066bcf7eae02bed0bf0b70ff9487989eb978af5
SSDEEP

393216:rqPnLFXlreQpDOETgsvfGaogwYvEGq/6LKPq:+PLFXNeQoE0BRxI7

Score

10^/10

Malware Config

Targets

- Target
  
  celex_1.exe
- Size
  
  17.7MB
- MD5
  
  49e1de2d56c99463128cfe77fd9993a4
- SHA1
  
  83e662fb7caa3f2dfa2c7413b3ae63a274cfa274
- SHA256
  
  46c1ccf0d7a678f4031b6c288f2794e94d367e0fb716616224da617201a3db1d
- SHA512
  
  5f4b7f627a23dee802727d75b48a301625ac8240e148f088e81a75f86bb123606e389e1a86104801a99838d71066bcf7eae02bed0bf0b70ff9487989eb978af5
- SSDEEP
  
  393216:rqPnLFXlreQpDOETgsvfGaogwYvEGq/6LKPq:+PLFXNeQoE0BRxI7
Score

7^/10

upx persistence spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2
- Target
  
  main.pyc
- Size
  
  7KB
- MD5
  
  b579147f45bb8aa2be0ec9f7de4ac1e1
- SHA1
  
  a2a5efa4b5e65269a8d67ccdb7fcdb38c321cd0f
- SHA256
  
  9d342b36f97e3969fe16c082dfe157116f8416cd35284078a3663083de66a9cb
- SHA512
  
  3d955591b4144136ebaa84a1820889909314be2533de28dc205b10f3113e670e1cc1baa1debe2fa419cc73e809706bf01f204ae5646414e97c6d0dd760014555
- SSDEEP
  
  192:w5v5X4tL8aD8dbWdXw5V+wCJxJhwUMdwtnw:G5otL81Wuwh2UPtw
Score

3^/10
behavioral3 behavioral4