epsilon | a8d5126a1eafba06775bf2eaaf74b52873f15ac8c35a3603517511fcc6e1eaea

Sharing

Copy URL

Twitter E-mail

General

Target

ElarasECHO_W1011.exe
Size

72.3MB
Sample

240223-yvmccahb6v
MD5

7e36e661623404e35298356b6bb6e918
SHA1

5efd3ff9ce600103d1e276858bae3bc2554ff834
SHA256

a8d5126a1eafba06775bf2eaaf74b52873f15ac8c35a3603517511fcc6e1eaea
SHA512

a70e92e456c098eab0599a172822593e81df7b13a51eb980b26398866781aab37cd772f7fb2a0b7ed2cfccc2501a203d847c1c99f34084cb0ab1ffdcd615cb67
SSDEEP

1572864:JejOS3eYfV1ivmBUAsPO5tkHPYZ7vaUijW3zv5EpgCp:JFYmqY86vYZ7NikzxEB

Score

10^/10

Malware Config

Targets

- Target
  
  ElarasECHO_W1011.exe
- Size
  
  72.3MB
- MD5
  
  7e36e661623404e35298356b6bb6e918
- SHA1
  
  5efd3ff9ce600103d1e276858bae3bc2554ff834
- SHA256
  
  a8d5126a1eafba06775bf2eaaf74b52873f15ac8c35a3603517511fcc6e1eaea
- SHA512
  
  a70e92e456c098eab0599a172822593e81df7b13a51eb980b26398866781aab37cd772f7fb2a0b7ed2cfccc2501a203d847c1c99f34084cb0ab1ffdcd615cb67
- SSDEEP
  
  1572864:JejOS3eYfV1ivmBUAsPO5tkHPYZ7vaUijW3zv5EpgCp:JFYmqY86vYZ7NikzxEB
Score

10^/10

epsilon spyware stealer
- Epsilon Stealer
  Information stealer.
  stealer epsilon
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/StdUtils.dll
- Size
  
  100KB
- MD5
  
  c6a6e03f77c313b267498515488c5740
- SHA1
  
  3d49fc2784b9450962ed6b82b46e9c3c957d7c15
- SHA256
  
  b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
- SHA512
  
  9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
- SSDEEP
  
  3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  0d7ad4f45dc6f5aa87f606d0331c6901
- SHA1
  
  48df0911f0484cbe2a8cdd5362140b63c41ee457
- SHA256
  
  3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
- SHA512
  
  c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
- SSDEEP
  
  192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/app-64.7z
- Size
  
  72.0MB
- MD5
  
  c5e9b3b545dd39d4d8dcddbb31ccaae6
- SHA1
  
  3c10e738879082b9974e70d9b2cef291417da3d2
- SHA256
  
  1a9e58aee64db0f189b595102408a5783c5061f73dc0ae7c1bab7bce8bc2bee4
- SHA512
  
  0fa117ab9b1f7dc6d6af51b8216bd6373c7eb89966b40df82118184d8ac0e32ddacbd440140e73149b846e86fe09dec125e562eccd5315b6275b7d2250b8646c
- SSDEEP
  
  1572864:OejOS3eYfV1ivmBUAsPO5tkHPYZ7vaUijW3zv5EpgC3:OFYmqY86vYZ7NikzxEP
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral7 behavioral8
- Target
  
  locales/pl.pak
- Size
  
  543KB
- MD5
  
  7d822c9fdacb73d39ea98102dec09fee
- SHA1
  
  1e3117cc8f465d0724bcd36df117f65354d8ecc0
- SHA256
  
  055510218bdc502f8f4b9c9cb71460e75af6860dd6fdd4ea8dc7662d39fa21c4
- SHA512
  
  1a2ef9746341c1f411de15942e43d297ac0c762b2cc8cbdffd9cdfcc510027b7e7a439c28abd582359f1565c6adc8a4f304d934d392f023bc6a73896068fc3b4
- SSDEEP
  
  12288:XWCtr/9jWoOB/kheU/AGfQfS6HAcbUdP1CUd4e3m/UbMAmw1QhisB5W/N4VckJ:GO9A8zM41Qhn5eE
Score

3^/10
behavioral10 behavioral9
- Target
  
  locales/pt-BR.pak
- Size
  
  510KB
- MD5
  
  5ba65ef5d3afb467dc5387f9ab0bfa96
- SHA1
  
  006e0aa5e7e5f69bffc3bb8ca5371a97db2feed8
- SHA256
  
  fca071050c9a032d2fcc4457c6b6ecf38406ffaa18e4f86aeb59359749051e35
- SHA512
  
  63d5df218da9ec91cc69b84c7a1a0b96a8863a8f3a32a97e29cad8130dfac9612e827170e5fc01940e674bd413f270425130d09247657166b80404264cdab06a
- SSDEEP
  
  6144:Pq0jS659iO1NBXBLXwEXlyEo5DTJS0qwsRQk9kp:Ld5UOo53JzsRB9W
Score

3^/10
behavioral11 behavioral12
- Target
  
  locales/pt-PT.pak
- Size
  
  512KB
- MD5
  
  4816d83e54beaa2f94c671d56361c04e
- SHA1
  
  5cae66c0b7079d778ac87ad48777afd85b172d2f
- SHA256
  
  a903ca2a8e52f987e23d040de7403b58d925a6c39668d3bc0822fb2aadd34cb1
- SHA512
  
  0d3a39e1205ce9366818cb51d38db035b80448dc1e2d2d6bbd7d5df693641582043b45b4a78bbf2334159616187dc85a51e623bb6878b1498d9bc7acd2a6ffab
- SSDEEP
  
  6144:3GMuOo/dHdr0fkdBZfieJVJJxhtHLtvxfVCQ5yKdFSRJi:jMHdofkdKQ5yKPSRU
Score

3^/10
behavioral13 behavioral14
- Target
  
  locales/ro.pak
- Size
  
  531KB
- MD5
  
  938e62fca60d7b54e9c54cdd1f745f06
- SHA1
  
  5a61a1ef3ae855ff436c5d7f45b6ec271a5228aa
- SHA256
  
  82e69f505222125ea62f8e90d8030d82a1bd49871192cb4274a8fd9d0e03d577
- SHA512
  
  d3f43881fc951c961cfb34babaa6eba2aa9175865dc07542dc529ab1c11d15703c03a7e8193c004b004d13f0a0672bccb2fcdd1cd88f32add159c337281d6d5f
- SSDEEP
  
  6144:l3hUyjvPh8WXMQfZLeHooUxxI4QKK8G+515oXfs2U/20O3:BhUyjHWWXMQNqooKxFTK653ok/O3
Score

3^/10
behavioral15 behavioral16
- Target
  
  locales/ru.pak
- Size
  
  872KB
- MD5
  
  444ae371d1802a26662820a6d587a500
- SHA1
  
  1011a29ba05199cc3f8ff0eb628e924dc3fe4ac0
- SHA256
  
  c599c0775fbfb7a56341925741a5d640fb8ecae901c231f5ab5729cfedd39fa7
- SHA512
  
  b5ed5a18c16cdac3425c05c07b466a5c3fc373eef0ae59ad3fe3e9f0bbc0fd529c10c78cecb8022a113b3f13bf9884bcc5cb3b5fbf2d9aaa26933619fbc2e3f4
- SSDEEP
  
  12288:QlV+/Jt0CfQjRo4YS7yMx/K6NzJ9fdAalWaEqSGsNCz/2nYH8eXN2hVO3j/ESbzA:Qjob0jVk5e6FX
Score

1^/10
behavioral17 behavioral18
- Target
  
  locales/sk.pak
- Size
  
  548KB
- MD5
  
  fd001b1b02597bbf16baf3f0baf3c6e4
- SHA1
  
  e4c703fc115e02833fe08caab1e62775b5812473
- SHA256
  
  f9cd222838721a618c23c8f6493bc9699c795c0063998f1a8d506b4b7a297cdc
- SHA512
  
  0ee991da6b8ba1bcc3cc27abc645af43bb93edddbf182496aafeeb401d71ae10716335ee0197f1987c21b3abb441aaac968b9a76e75ae77fcba4cc48847f5b1d
- SSDEEP
  
  12288:WH9r+eIYCk8/qsmkMVkLi4iG+kl5CF0LXT9XLPxt9i7:al+eA/qshLisl5fLxltI7
Score

3^/10
behavioral19 behavioral20
- Target
  
  locales/sl.pak
- Size
  
  526KB
- MD5
  
  ff14d5f9484350396780bea7f3bc64ec
- SHA1
  
  de097f12b70b552824de69141d6ee1969275eca4
- SHA256
  
  b174c4c49654f7d65d223568c700bfaace74238447ae63171787236ce2aab00e
- SHA512
  
  011bcc3980d21e0900d1da334a28b72623b22b527a4fc3d96a8f78fb055dc87cd1433a63d8b4414a0a86cf2ded5833a395214910b17433a0545e04d1ce4875b8
- SSDEEP
  
  6144:Tc0Pejkg4yQ9QLAx2j1MRB2xQnnbZNjJ0Kym4ocyxPbPDNs2uGEm5vfFCiv5LGaP:mQuyRB29KBjei5aScvJHjh/i/fzUCqc
Score

3^/10
behavioral21 behavioral22
- Target
  
  locales/sr.pak
- Size
  
  811KB
- MD5
  
  5d70a218b7dcccab0406fa9239ef800b
- SHA1
  
  cd231758f84a0d56545d0a234a58757a18a58d0c
- SHA256
  
  a2bc6b064ff1f7b15707f61bd76ddd9d889bd982c4182e9e74272d39c6235c85
- SHA512
  
  ef6f71e0d9782b5ed6706d9226c1a7fb5a4323b8dc8de25737c7dcca87d04c16b545372127670de312079be993823f565de1aaaf5ad833bec5baa0856c19b0f3
- SSDEEP
  
  12288:DvPGJ3ul7WkmOY9eGIddNSYd41uzQZGOvmAma5XYKxmxE38k37UjeoM/k/0:rGJ3ke5ga5zxz3
Score

3^/10
behavioral23 behavioral24
- Target
  
  locales/sv.pak
- Size
  
  473KB
- MD5
  
  a813b566c9e630910e6ca946defb7202
- SHA1
  
  2e25d2479715a572c096ce19b8dfd7a6da5339eb
- SHA256
  
  48a71912e4843b03358fede7176b2e57ced83d3a1344a92b989886374dbded62
- SHA512
  
  b348404135e147cef93c246c826107f9df170b294e9d0cbf576d2812d0ff3d2b7794ab5aba55cf729fcf7135a495d2ff591db62fa61e2998290ff02538a0e48c
- SSDEEP
  
  6144:XPpx9ttcX4y010O/6gZy/7qU5x+MDVgn4RFczqTW3t3zM+SOqDE/xWcqVTR52NuQ:TlcXZC6ghUDV5D5FJC
Score

3^/10
behavioral25 behavioral26
- Target
  
  locales/sw.pak
- Size
  
  498KB
- MD5
  
  9808a9df2da0844b1ce1a2a4213c48d0
- SHA1
  
  541f24f006ddb3361ff1e5015f097ab799120fc4
- SHA256
  
  1949953d638f266ce74d84c020174c074780166b880e7c2ec38bc6047bbb8ecc
- SHA512
  
  66b256e02ce11ea0273cc5bfa78e56faf8b250208d1e868bf4af77cbefd1c891708573d63873a5d02436f884544a6550176afcd3a8220cd35d64b88987e94404
- SSDEEP
  
  12288:OCgfZQcyY5QuCERdcUXbQF4I4Cuz5OwLJ8M5gwy5c8bJOm5+9Pe/BrN81E:H+O5Zn
Score

3^/10
behavioral27 behavioral28
- Target
  
  locales/ta.pak
- Size
  
  1.3MB
- MD5
  
  d50aa6815b63aff8c443622cb8bfd849
- SHA1
  
  fd247855e6e428109e7bf2e0018580cc6e0663c8
- SHA256
  
  6348cc2d385b9808fdf1b815914dbfb26f552da4d10f85b2613a5e6e9f95b8fa
- SHA512
  
  620e2f9ab9998c68d667e32ad9bbfa2569f7a60fbc2a67d7492c6c215af2a1037708e38b4ed7932074d29a140581fe0ffedddb362133a941966044b98eaa50db
- SSDEEP
  
  6144:p5Mw0XQS9Dcc9bhr5yzPtRXcA25tm1vYpiMyC:GJcMd5yzfcA25tm1vYpiMyC
Score

3^/10
behavioral29 behavioral30
- Target
  
  locales/te.pak
- Size
  
  1.2MB
- MD5
  
  d262c33a8c2b4949dff36cc1980e5f05
- SHA1
  
  e1ad725c388c4a1a386b4ab6170601863c943c29
- SHA256
  
  09ab1ac2b69f868539d4f2e59dfea8c3c2f418a5455777e4c91d13c5ee55ab4c
- SHA512
  
  0202f6ac32878926422d542ea96b0bcf8b168f8ec6b928121c368711856fd5f4781a24b15851cdb5892246b355d0dd37504d4599b24e9fe8a723b8dfbfeed29b
- SSDEEP
  
  12288:vAmbpM7McKNLC3ot5xd4E6gb0nQWN5Bk3p1FZexiFlJ2wCg9NFq0CrOloXAoPQ9S:o+ppX95/Mea
Score

3^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Epsilon Stealer

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Looks up external IP address via web service

Drops file in System32 directory

Checks computer location settings

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32