epsilon | 35f671ea54afd102bbd3df46a352d23df13db5b414289b02d5bbc1218fc6d9e4

Resubmissions

22-02-2024 19:03

240222-xqpfgaed92 10

22-02-2024 18:10

240222-wsetdade6t 10

Sharing

Copy URL

Twitter E-mail

General

Target

Mauqes_beta.exe
Size

72.2MB
Sample

240222-wsetdade6t
MD5

6be6188a62bc00884b4ccc1221281fbf
SHA1

288a898a493d043d8e9755c74c0356c103665091
SHA256

35f671ea54afd102bbd3df46a352d23df13db5b414289b02d5bbc1218fc6d9e4
SHA512

69bfcd160e626b0f0d9cdfd603e3a66ee5a21f0c8315740d279999be13652b26f0e8990a42a907404b42774b95d81a80bedfe46dcbf9cafc1966b74434ac8c20
SSDEEP

1572864:ZejOS3uvjpTF5/zgtW9o3ZuXgGUTMwRQVRxtylCO1Hsh+kpvp0k:Z9r1F580e3EX1eMjVRm91Hi3pyk

Score

10^/10

Malware Config

Targets

- Target
  
  Mauqes_beta.exe
- Size
  
  72.2MB
- MD5
  
  6be6188a62bc00884b4ccc1221281fbf
- SHA1
  
  288a898a493d043d8e9755c74c0356c103665091
- SHA256
  
  35f671ea54afd102bbd3df46a352d23df13db5b414289b02d5bbc1218fc6d9e4
- SHA512
  
  69bfcd160e626b0f0d9cdfd603e3a66ee5a21f0c8315740d279999be13652b26f0e8990a42a907404b42774b95d81a80bedfe46dcbf9cafc1966b74434ac8c20
- SSDEEP
  
  1572864:ZejOS3uvjpTF5/zgtW9o3ZuXgGUTMwRQVRxtylCO1Hsh+kpvp0k:Z9r1F580e3EX1eMjVRm91Hi3pyk
Score

10^/10

epsilon persistence spyware stealer
- Epsilon Stealer
  Information stealer.
  stealer epsilon
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
behavioral1
- Target
  
  $PLUGINSDIR/StdUtils.dll
- Size
  
  100KB
- MD5
  
  c6a6e03f77c313b267498515488c5740
- SHA1
  
  3d49fc2784b9450962ed6b82b46e9c3c957d7c15
- SHA256
  
  b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
- SHA512
  
  9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
- SSDEEP
  
  3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score

1^/10
behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  0d7ad4f45dc6f5aa87f606d0331c6901
- SHA1
  
  48df0911f0484cbe2a8cdd5362140b63c41ee457
- SHA256
  
  3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
- SHA512
  
  c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
- SSDEEP
  
  192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score

3^/10
behavioral3
- Target
  
  $PLUGINSDIR/app-64.7z
- Size
  
  71.9MB
- MD5
  
  d7d8d889fcb11df4a6d197af004e6ec5
- SHA1
  
  7daa428bc66320fa4015a4b40976b7731539a58c
- SHA256
  
  a7cf5898e658fa78610d409d3c52b82a1c9e289904bd70d4a8a045ab4808764e
- SHA512
  
  0fa93cf4c52696b7f235b850c05aded8dca728a413f8b024addd75e7bcacdeb75ddf5f5d6784ba5492dc1b1276a47fb537fc1659a87f3938bd8569cb086c5530
- SSDEEP
  
  1572864:OejOS3uvjpTF5/zgtW9o3ZuXgGUTMwRQVRxtylCO1Hsh+kpvpa:O9r1F580e3EX1eMjVRm91Hi3p0
Score

3^/10
behavioral4
- Target
  
  locales/pl.pak
- Size
  
  543KB
- MD5
  
  7d822c9fdacb73d39ea98102dec09fee
- SHA1
  
  1e3117cc8f465d0724bcd36df117f65354d8ecc0
- SHA256
  
  055510218bdc502f8f4b9c9cb71460e75af6860dd6fdd4ea8dc7662d39fa21c4
- SHA512
  
  1a2ef9746341c1f411de15942e43d297ac0c762b2cc8cbdffd9cdfcc510027b7e7a439c28abd582359f1565c6adc8a4f304d934d392f023bc6a73896068fc3b4
- SSDEEP
  
  12288:XWCtr/9jWoOB/kheU/AGfQfS6HAcbUdP1CUd4e3m/UbMAmw1QhisB5W/N4VckJ:GO9A8zM41Qhn5eE
Score

3^/10
behavioral5
- Target
  
  locales/pt-BR.pak
- Size
  
  510KB
- MD5
  
  5ba65ef5d3afb467dc5387f9ab0bfa96
- SHA1
  
  006e0aa5e7e5f69bffc3bb8ca5371a97db2feed8
- SHA256
  
  fca071050c9a032d2fcc4457c6b6ecf38406ffaa18e4f86aeb59359749051e35
- SHA512
  
  63d5df218da9ec91cc69b84c7a1a0b96a8863a8f3a32a97e29cad8130dfac9612e827170e5fc01940e674bd413f270425130d09247657166b80404264cdab06a
- SSDEEP
  
  6144:Pq0jS659iO1NBXBLXwEXlyEo5DTJS0qwsRQk9kp:Ld5UOo53JzsRB9W
Score

1^/10
behavioral6
- Target
  
  locales/pt-PT.pak
- Size
  
  512KB
- MD5
  
  4816d83e54beaa2f94c671d56361c04e
- SHA1
  
  5cae66c0b7079d778ac87ad48777afd85b172d2f
- SHA256
  
  a903ca2a8e52f987e23d040de7403b58d925a6c39668d3bc0822fb2aadd34cb1
- SHA512
  
  0d3a39e1205ce9366818cb51d38db035b80448dc1e2d2d6bbd7d5df693641582043b45b4a78bbf2334159616187dc85a51e623bb6878b1498d9bc7acd2a6ffab
- SSDEEP
  
  6144:3GMuOo/dHdr0fkdBZfieJVJJxhtHLtvxfVCQ5yKdFSRJi:jMHdofkdKQ5yKPSRU
Score

1^/10
behavioral7
- Target
  
  locales/ro.pak
- Size
  
  531KB
- MD5
  
  938e62fca60d7b54e9c54cdd1f745f06
- SHA1
  
  5a61a1ef3ae855ff436c5d7f45b6ec271a5228aa
- SHA256
  
  82e69f505222125ea62f8e90d8030d82a1bd49871192cb4274a8fd9d0e03d577
- SHA512
  
  d3f43881fc951c961cfb34babaa6eba2aa9175865dc07542dc529ab1c11d15703c03a7e8193c004b004d13f0a0672bccb2fcdd1cd88f32add159c337281d6d5f
- SSDEEP
  
  6144:l3hUyjvPh8WXMQfZLeHooUxxI4QKK8G+515oXfs2U/20O3:BhUyjHWWXMQNqooKxFTK653ok/O3
Score

3^/10
behavioral8
- Target
  
  locales/ru.pak
- Size
  
  872KB
- MD5
  
  444ae371d1802a26662820a6d587a500
- SHA1
  
  1011a29ba05199cc3f8ff0eb628e924dc3fe4ac0
- SHA256
  
  c599c0775fbfb7a56341925741a5d640fb8ecae901c231f5ab5729cfedd39fa7
- SHA512
  
  b5ed5a18c16cdac3425c05c07b466a5c3fc373eef0ae59ad3fe3e9f0bbc0fd529c10c78cecb8022a113b3f13bf9884bcc5cb3b5fbf2d9aaa26933619fbc2e3f4
- SSDEEP
  
  12288:QlV+/Jt0CfQjRo4YS7yMx/K6NzJ9fdAalWaEqSGsNCz/2nYH8eXN2hVO3j/ESbzA:Qjob0jVk5e6FX
Score

1^/10
behavioral9
- Target
  
  locales/sk.pak
- Size
  
  548KB
- MD5
  
  fd001b1b02597bbf16baf3f0baf3c6e4
- SHA1
  
  e4c703fc115e02833fe08caab1e62775b5812473
- SHA256
  
  f9cd222838721a618c23c8f6493bc9699c795c0063998f1a8d506b4b7a297cdc
- SHA512
  
  0ee991da6b8ba1bcc3cc27abc645af43bb93edddbf182496aafeeb401d71ae10716335ee0197f1987c21b3abb441aaac968b9a76e75ae77fcba4cc48847f5b1d
- SSDEEP
  
  12288:WH9r+eIYCk8/qsmkMVkLi4iG+kl5CF0LXT9XLPxt9i7:al+eA/qshLisl5fLxltI7
Score

3^/10
behavioral10
- Target
  
  locales/sl.pak
- Size
  
  526KB
- MD5
  
  ff14d5f9484350396780bea7f3bc64ec
- SHA1
  
  de097f12b70b552824de69141d6ee1969275eca4
- SHA256
  
  b174c4c49654f7d65d223568c700bfaace74238447ae63171787236ce2aab00e
- SHA512
  
  011bcc3980d21e0900d1da334a28b72623b22b527a4fc3d96a8f78fb055dc87cd1433a63d8b4414a0a86cf2ded5833a395214910b17433a0545e04d1ce4875b8
- SSDEEP
  
  6144:Tc0Pejkg4yQ9QLAx2j1MRB2xQnnbZNjJ0Kym4ocyxPbPDNs2uGEm5vfFCiv5LGaP:mQuyRB29KBjei5aScvJHjh/i/fzUCqc
Score

3^/10
behavioral11
- Target
  
  locales/sr.pak
- Size
  
  811KB
- MD5
  
  5d70a218b7dcccab0406fa9239ef800b
- SHA1
  
  cd231758f84a0d56545d0a234a58757a18a58d0c
- SHA256
  
  a2bc6b064ff1f7b15707f61bd76ddd9d889bd982c4182e9e74272d39c6235c85
- SHA512
  
  ef6f71e0d9782b5ed6706d9226c1a7fb5a4323b8dc8de25737c7dcca87d04c16b545372127670de312079be993823f565de1aaaf5ad833bec5baa0856c19b0f3
- SSDEEP
  
  12288:DvPGJ3ul7WkmOY9eGIddNSYd41uzQZGOvmAma5XYKxmxE38k37UjeoM/k/0:rGJ3ke5ga5zxz3
Score

3^/10
behavioral12
- Target
  
  locales/sv.pak
- Size
  
  473KB
- MD5
  
  a813b566c9e630910e6ca946defb7202
- SHA1
  
  2e25d2479715a572c096ce19b8dfd7a6da5339eb
- SHA256
  
  48a71912e4843b03358fede7176b2e57ced83d3a1344a92b989886374dbded62
- SHA512
  
  b348404135e147cef93c246c826107f9df170b294e9d0cbf576d2812d0ff3d2b7794ab5aba55cf729fcf7135a495d2ff591db62fa61e2998290ff02538a0e48c
- SSDEEP
  
  6144:XPpx9ttcX4y010O/6gZy/7qU5x+MDVgn4RFczqTW3t3zM+SOqDE/xWcqVTR52NuQ:TlcXZC6ghUDV5D5FJC
Score

3^/10
behavioral13
- Target
  
  locales/sw.pak
- Size
  
  498KB
- MD5
  
  9808a9df2da0844b1ce1a2a4213c48d0
- SHA1
  
  541f24f006ddb3361ff1e5015f097ab799120fc4
- SHA256
  
  1949953d638f266ce74d84c020174c074780166b880e7c2ec38bc6047bbb8ecc
- SHA512
  
  66b256e02ce11ea0273cc5bfa78e56faf8b250208d1e868bf4af77cbefd1c891708573d63873a5d02436f884544a6550176afcd3a8220cd35d64b88987e94404
- SSDEEP
  
  12288:OCgfZQcyY5QuCERdcUXbQF4I4Cuz5OwLJ8M5gwy5c8bJOm5+9Pe/BrN81E:H+O5Zn
Score

3^/10
behavioral14
- Target
  
  locales/ta.pak
- Size
  
  1.3MB
- MD5
  
  d50aa6815b63aff8c443622cb8bfd849
- SHA1
  
  fd247855e6e428109e7bf2e0018580cc6e0663c8
- SHA256
  
  6348cc2d385b9808fdf1b815914dbfb26f552da4d10f85b2613a5e6e9f95b8fa
- SHA512
  
  620e2f9ab9998c68d667e32ad9bbfa2569f7a60fbc2a67d7492c6c215af2a1037708e38b4ed7932074d29a140581fe0ffedddb362133a941966044b98eaa50db
- SSDEEP
  
  6144:p5Mw0XQS9Dcc9bhr5yzPtRXcA25tm1vYpiMyC:GJcMd5yzfcA25tm1vYpiMyC
Score

3^/10
behavioral15
- Target
  
  locales/te.pak
- Size
  
  1.2MB
- MD5
  
  d262c33a8c2b4949dff36cc1980e5f05
- SHA1
  
  e1ad725c388c4a1a386b4ab6170601863c943c29
- SHA256
  
  09ab1ac2b69f868539d4f2e59dfea8c3c2f418a5455777e4c91d13c5ee55ab4c
- SHA512
  
  0202f6ac32878926422d542ea96b0bcf8b168f8ec6b928121c368711856fd5f4781a24b15851cdb5892246b355d0dd37504d4599b24e9fe8a723b8dfbfeed29b
- SSDEEP
  
  12288:vAmbpM7McKNLC3ot5xd4E6gb0nQWN5Bk3p1FZexiFlJ2wCg9NFq0CrOloXAoPQ9S:o+ppX95/Mea
Score

3^/10
behavioral16
- Target
  
  locales/th.pak
- Size
  
  1003KB
- MD5
  
  a4d1594635d26330ace7054bc025b76d
- SHA1
  
  bc4874a6a3b1d1886f05858ef2f653ab3520451c
- SHA256
  
  f06a45f0395c3e42e42c46de2c19a2a104661b47be6f9ee97f8c68b05706ef1e
- SHA512
  
  731485b139ba0ed80dac5e582ec36f53a805a867ad33551741b805e851a9d2356fb1894232395d4fdb200defc988bcf6d51e58834b542c398c1012e389953a3d
- SSDEEP
  
  12288:0KRmzN9LyZYA1T6z1L/L1XPDJsvnBD67W+v1C5UJ87L3fBj8OlzEdq3RD98GuI9h:0KQnw5r5l
Score

3^/10
behavioral17
- Target
  
  locales/tr.pak
- Size
  
  509KB
- MD5
  
  eef8a7a7d0bbeb6f92f7ddd0aa762921
- SHA1
  
  480ed148352df1785963a928e0fc2b06aca05fab
- SHA256
  
  de0a5ddb2126d8c7a2a7810cad447226805794eb74cc8ee7df40078cb0a66c96
- SHA512
  
  f6e8c848221193eba2dad7b37101ac656356382f6933271292348f78f734289206bd1883b0500106ba15c9d1bb044568bc18738ff2d0e8797d30c373fe2fa85a
- SSDEEP
  
  6144:OnGtNU4t3ckfGWxq6Sz6MJgrZXz7qqcQSYOPWG4ageA5U3/R+yi1YRed/AM1w/KY:OnGTMYxqJh+Jk/WGW5U3/J
Score

3^/10
behavioral18
- Target
  
  locales/uk.pak
- Size
  
  870KB
- MD5
  
  83e5f0092b6d72403b60fe0e1e228331
- SHA1
  
  989ed480b7ef55dfc9ccfbef1a5b9b0e104693d8
- SHA256
  
  29d68d90512ee9952635c7e074d5ab210531d93ae24c11a8f91bca20b685e9a2
- SHA512
  
  9895928ee516db7d4395b2788135a814031b9ba45e3a837e633bc253b08d6f380e4078d4d3fd51ae37502a39ff45a0166969fb62365e890f4960a51040b20941
- SSDEEP
  
  12288:OnyGlcHZ1U6nnzKT0hsEiwIt35GB3IjZAmXEN7OucLNiXEqqb6Red:OyGlNMi5rEo
Score

3^/10
behavioral19
- Target
  
  locales/ur.pak
- Size
  
  761KB
- MD5
  
  29403f3d5c8f6ae2a768de2fbe8b368e
- SHA1
  
  da83015565980ea1a24f5493be6311f06427269e
- SHA256
  
  2520ba8471c840aa075075524c4ad2bde10f43fa7a1b623aa14555180ecd30ef
- SHA512
  
  a0709280adec39633ca19daf9f8bac6c17a999101246778a63cd9e172dbea2f281b20ce197290c4af6c7601ee7956da42f17e31461a1bd8b8a4bce3c36dc87b7
- SSDEEP
  
  12288:Yf9virukH8PG7ODK5y6/eXE5hwbEFfW+BJnRQYrFwadcJKwUcumco/9NjjFpvM1:Yf9viJN51Wg
Score

3^/10
behavioral20
- Target
  
  locales/vi.pak
- Size
  
  602KB
- MD5
  
  357b0c8d9ec9d4f1ddb9a2c217a1bffa
- SHA1
  
  dd1d9dddbea33fa8a997d746b7fc262b00cfbaf5
- SHA256
  
  6acee04c81562bb9672a5df2dc020ea32cea7efb359f490f7afb61ef534a4b9f
- SHA512
  
  dbcbb2a6aff36f416aaa5eca8561ab93424e808751c92d4e672e1639299d40cd536c9f50810888802a18f1ec7bd6699c0b3195e4d9f12df0aa629f3bd257c257
- SSDEEP
  
  12288:H0kA+cBwJgroEw/audn7gsHVL0Zv+Fst91xe5c8hp6IDkiVwziMHq3wtk5:Hy+cBwJgiaS7gsHh0ZET5c8r6hiVKiMY
Score

3^/10
behavioral21
- Target
  
  locales/zh-CN.pak
- Size
  
  435KB
- MD5
  
  8673be2762103647592e9d733cbbc4c9
- SHA1
  
  e7fc6328a3e9a5e06e1c5e99f588846ee189fe73
- SHA256
  
  5d4ae2b8ad94e22b8c7a0c0448259486dc371ce7182a432394d7b6fd3cd532ee
- SHA512
  
  7cf0a7fcdcd15b6e5aa8f20bab3adc6488e92a634cfc6ea13e1c9b4aa26c8b0d0b6d9f8a33ae7041a510da0d1598e955f9166d7dfb2c3d5ac5c71f1f074afe7b
- SSDEEP
  
  12288:UJIVSGAsAh5vz1ae56T0vHt5MLNuhe3ym:Uqju5vzJ56T25MLNuhCym
Score

3^/10
behavioral22
- Target
  
  locales/zh-TW.pak
- Size
  
  430KB
- MD5
  
  be0519f12d13115aeb7eea78ba7da9fa
- SHA1
  
  0fd7aff5e2f55864b1472c55e7720d5bfefba382
- SHA256
  
  14becb8ecc6633a83d28ac362ba4b76bcd46147ca92297216ffd15e1e6455a44
- SHA512
  
  fe35f87de8bf1c40d5cee2dabd7485d7db723199387ae1585da1d46804729ff9f8eae48e71ef22f5747433631971a5ab48466f3c0829585e46d136a46a41a31f
- SSDEEP
  
  6144:k48bcTzD+J1keO2TuVjah2Y5fHIzwHobAy+77zeJTs:k4dTzVpjah2Y5fHIzpZS7z
Score

3^/10
behavioral23
- Target
  
  resources.pak
- Size
  
  5.1MB
- MD5
  
  000a0742eaac3ef14b6e776717066a1a
- SHA1
  
  6b3aee0727433363e80ee7fc5c5b0e36adafce7d
- SHA256
  
  5cd3afcdb2d15273f0369ee526edeba811e9e97d8969642ef05e6ea59d1ed6ca
- SHA512
  
  e651ee5cb446453d3ac4b042984d14283f1317654cbf20d5c7ffef9d41688280142ec825843f2346b94b6c13d9cfaf510f557a99adbddf8dacff94bce0e316ac
- SSDEEP
  
  98304:91j22juJgWPVcz+cd31WJ7JXUbwHgf31/LrwrWBpcdmTHWCF3UlfPcauPFcHNp:9pLCJPdB831iJiwHwlzkrWBQmTHWo0XV
Score

3^/10
behavioral24
- Target
  
  resources/app.asar
- Size
  
  34.6MB
- MD5
  
  3fa043575fd81874f9c29f9e46ef1881
- SHA1
  
  bb0c0bf704211a6e42b2f573c6fd28c04ab60a6c
- SHA256
  
  4b1942bb763bf09ff3d1af1e14eed0ef5fc88a4021c059b31987a1bee6f112da
- SHA512
  
  e5538fb404187eff1e839a0673d1805cf7b7fb8e013e252e8194be68321a68aeabcb0963750d5d5a0a291107b27cf7357fd95e9a8b18f6ac6c40fabb2ed9f77a
- SSDEEP
  
  196608:sNldcFM9HpLE47u/mtP6kv5PhCzkz8UhRQVwG:6cK9JLu/mtP6kv5P0zkz3RIj
Score

3^/10
behavioral25
- Target
  
  resources/elevate.exe
- Size
  
  105KB
- MD5
  
  792b92c8ad13c46f27c7ced0810694df
- SHA1
  
  d8d449b92de20a57df722df46435ba4553ecc802
- SHA256
  
  9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
- SHA512
  
  6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40
- SSDEEP
  
  3072:1bLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWl:1PrwRhte1XsE1l
Score

1^/10
behavioral26
- Target
  
  snapshot_blob.bin
- Size
  
  270KB
- MD5
  
  d20922aefcad14dc658a3c6fd5ff6529
- SHA1
  
  75ce20814bdbe71cfa6fab03556c1711e78ca706
- SHA256
  
  b6bea91727efb8c88e7c059856553d3a47abd883e60dd60efc01b04dc6eec621
- SHA512
  
  dbd63a9f01feb3c389c11b55d720b5d689558626041fb1dd27ded2be602e5e2a8d210f785fde025d7b9959f81de3df7fef06981269b58be564df05aec190dd1c
- SSDEEP
  
  3072:FPXttcgbBDoChde06wbRMYKHUeynXtxZ4fQe1:tXPh9oCWCNMXo6
Score

3^/10
behavioral27
- Target
  
  v8_context_snapshot.bin
- Size
  
  627KB
- MD5
  
  1e4da0bc6404552f9a80ccde89fdef2b
- SHA1
  
  838481b9e4f1d694c948c0082e9697a5ed443ee2
- SHA256
  
  2db4a98abe705ef9bc18e69d17f91bc3f4c0f5703f9f57b41acb877100718918
- SHA512
  
  054917652829af01977e278cd0201c715b3a1280d7e43035507e4fa61c1c00c4cd7ed521c762aebd2ea2388d33c3d4d4b16cee5072d41e960021b6f38745a417
- SSDEEP
  
  6144:LlAKlrnVVc/eK7cPg9oCWCNM+MFjfjfGJCWXecRvUsoA4EytPcAzCYY:LZ0t7cP+Yz7Vcrz
Score

3^/10
behavioral28
- Target
  
  vk_swiftshader.dll
- Size
  
  5.0MB
- MD5
  
  d9a049f0cc7301bf6ec8a8745662c27f
- SHA1
  
  60f16bfa1ff1341c0ba15b6bcea2d6bac9535aab
- SHA256
  
  dd2e5b7b0c9782294dfc6e42932d6588a3e1cf17f7696405c3e19a18066ec546
- SHA512
  
  5ad3dfd8744126e2dcb4a6f15c331792e85aa4de5858081ef3ce8a8e8f3c722cd66ba846c1103ffef14ff8e462456e48aca0bc2ba97412e2530d38b1e53ee169
- SSDEEP
  
  49152:AO6ftECL3Zdon2+a/EgBqB1y91lxfAV7xWV9MzaNZ8m8Lg1d7RXmVEZvMUn0HjyI:ALftMUSogaEm5hZdIOlEbRaB3YIw
Score

1^/10
behavioral29
- Target
  
  vk_swiftshader_icd.json
- Size
  
  106B
- MD5
  
  8642dd3a87e2de6e991fae08458e302b
- SHA1
  
  9c06735c31cec00600fd763a92f8112d085bd12a
- SHA256
  
  32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9
- SHA512
  
  f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f
Score

3^/10
behavioral30
- Target
  
  vulkan-1.dll
- Size
  
  925KB
- MD5
  
  d705eb7b499ad78de9e2e4a63112c97e
- SHA1
  
  0e9a24c173344e74641108761102fe61ae054092
- SHA256
  
  1128967748178a5be7317ca55eb2813dd7f9641eabf64a27fbe355167b65673e
- SHA512
  
  d4cb81047c464e8ce058b69e5559992b83e4f449c77a165fbe5637622ab4c2ff5dc7264295fd2f26c0578950d5619d3ab1b8e2a113860799efded3a604dec570
- SSDEEP
  
  24576:9y+lCO+5ia/1DW6pb9MLtX6Z5WdDYsH26g3P0zAk7o3s:9ymVqXpbId6Z5WdDYsH26g3P0zAk7oc
Score

1^/10
behavioral31
- Target
  
  $PLUGINSDIR/nsis7z.dll
- Size
  
  424KB
- MD5
  
  80e44ce4895304c6a3a831310fbf8cd0
- SHA1
  
  36bd49ae21c460be5753a904b4501f1abca53508
- SHA256
  
  b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
- SHA512
  
  c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df
- SSDEEP
  
  6144:aUWQQ5O3fz0NG3ucDaEUTWfk+ZA0NrCL/k+uyoyBOX1okfW7w+Pfzqibckl:an5QEG39fPAkrE4yrBOXDfaNbck
Score

3^/10
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Process Discovery

T1057

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Epsilon Stealer

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Adds Run key to start application

Looks up external IP address via web service

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32