epsilon | 3f54d1d7563e17873e72d1b3726462f0354da31d4b786171ecb617a2bb2d0ef1

Resubmissions

24-02-2024 20:00

240224-yrcnqsea3y 10

Sharing

Copy URL

Twitter E-mail

General

Target

true.zip
Size

347.4MB
Sample

240224-yrcnqsea3y
MD5

84f3d0ff4d9a174da9d36012dda6d9ba
SHA1

ed586fdf2745c1b86aa7ea5b320972bc9ea6b538
SHA256

3f54d1d7563e17873e72d1b3726462f0354da31d4b786171ecb617a2bb2d0ef1
SHA512

0d0793f4456c2821556d06149fb569ae7f0e0abe1384c9d3bc1d89da151d7799e96b76caecf8a11500d60e095194198421864fb06c37270599bf9b1de8770b2e
SSDEEP

6291456:gqN+aNR3ALTW1Di6a/51FQgJ+LGzGinLTCat3ICP72YmwVSnU3wF:gGRwLTW10hF+6qaTC4ICPKwl3m

Score

10^/10

Malware Config

Targets

- Target
  
  resources/elevate.exe
- Size
  
  105KB
- MD5
  
  792b92c8ad13c46f27c7ced0810694df
- SHA1
  
  d8d449b92de20a57df722df46435ba4553ecc802
- SHA256
  
  9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
- SHA512
  
  6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40
- SSDEEP
  
  3072:1bLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWl:1PrwRhte1XsE1l
Score

1^/10
behavioral1 behavioral2
- Target
  
  true.exe
- Size
  
  168.6MB
- MD5
  
  e3261b4def8532387e1871c844daa26b
- SHA1
  
  51b1fc5b40ef952cce623efb3ad6fc38fd71c6dc
- SHA256
  
  1363160f04aa979afa98d40853138f3ae8bec6d081e23b5bc0e97e8ea29d7e07
- SHA512
  
  0ddd2085a1808c8d38278af169121e2f4ff1014c7a391b5e17dbabad672ffe2ae61a886df60b7ce33b3b8829a54b90779fbda9811c0ca8e070bb0953c64d8659
- SSDEEP
  
  1572864:KXic4qb6IXgDaJfpEQHgelkLK4z34xGWw0TwW1T/qWhehZvmCtS3JPfyzG49FndX:UVKvWZ8tyx4u
Score

10^/10

epsilon spyware stealer
- Epsilon Stealer
  Information stealer.
  stealer epsilon
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
behavioral3 behavioral4
- Target
  
  resources/elevate.exe
- Size
  
  105KB
- MD5
  
  792b92c8ad13c46f27c7ced0810694df
- SHA1
  
  d8d449b92de20a57df722df46435ba4553ecc802
- SHA256
  
  9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
- SHA512
  
  6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40
- SSDEEP
  
  3072:1bLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWl:1PrwRhte1XsE1l
Score

1^/10
behavioral5 behavioral6
- Target
  
  true.exe
- Size
  
  168.6MB
- MD5
  
  e3261b4def8532387e1871c844daa26b
- SHA1
  
  51b1fc5b40ef952cce623efb3ad6fc38fd71c6dc
- SHA256
  
  1363160f04aa979afa98d40853138f3ae8bec6d081e23b5bc0e97e8ea29d7e07
- SHA512
  
  0ddd2085a1808c8d38278af169121e2f4ff1014c7a391b5e17dbabad672ffe2ae61a886df60b7ce33b3b8829a54b90779fbda9811c0ca8e070bb0953c64d8659
- SSDEEP
  
  1572864:KXic4qb6IXgDaJfpEQHgelkLK4z34xGWw0TwW1T/qWhehZvmCtS3JPfyzG49FndX:UVKvWZ8tyx4u
Score

10^/10

epsilon persistence spyware stealer
- Epsilon Stealer
  Information stealer.
  stealer epsilon
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
behavioral7 behavioral8
- Target
  
  app-64/resources/elevate.exe
- Size
  
  105KB
- MD5
  
  792b92c8ad13c46f27c7ced0810694df
- SHA1
  
  d8d449b92de20a57df722df46435ba4553ecc802
- SHA256
  
  9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
- SHA512
  
  6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40
- SSDEEP
  
  3072:1bLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWl:1PrwRhte1XsE1l
Score

1^/10
behavioral10 behavioral9
- Target
  
  app-64/true.exe
- Size
  
  168.6MB
- MD5
  
  e3261b4def8532387e1871c844daa26b
- SHA1
  
  51b1fc5b40ef952cce623efb3ad6fc38fd71c6dc
- SHA256
  
  1363160f04aa979afa98d40853138f3ae8bec6d081e23b5bc0e97e8ea29d7e07
- SHA512
  
  0ddd2085a1808c8d38278af169121e2f4ff1014c7a391b5e17dbabad672ffe2ae61a886df60b7ce33b3b8829a54b90779fbda9811c0ca8e070bb0953c64d8659
- SSDEEP
  
  1572864:KXic4qb6IXgDaJfpEQHgelkLK4z34xGWw0TwW1T/qWhehZvmCtS3JPfyzG49FndX:UVKvWZ8tyx4u
Score

10^/10

epsilon persistence spyware stealer
- Epsilon Stealer
  Information stealer.
  stealer epsilon
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
behavioral11 behavioral12
- Target
  
  true.exe
- Size
  
  72.3MB
- MD5
  
  926f12fbd49f31898cb57691c8e5440f
- SHA1
  
  cb398d75d40121ede9f93d60485d3d298d8ebe8a
- SHA256
  
  15780db6b46529372c5055fa5ce972c5bfed2733b2702a0139adb26972f2699d
- SHA512
  
  95cb1a0924966e55d92af69436a5a6e14b6358e13abc91dae08933eb0e4223cdc2c2c2a69c7b54290130bb01dea08a86366c3909da418d343ca5d3703ebcfe91
- SSDEEP
  
  1572864:8ejOS30sMTRRi6EUSECPScDYpeBwBjURq7ne6w5KpN:8jsEHEDDSnlX7nBlpN
Score

10^/10

epsilon spyware stealer
- Epsilon Stealer
  Information stealer.
  stealer epsilon
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral13 behavioral14

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Epsilon Stealer

Checks computer location settings

Loads dropped DLL

Reads user/profile data of web browsers

Looks up external IP address via web service

Drops file in System32 directory

Epsilon Stealer

Checks computer location settings

Loads dropped DLL

Reads user/profile data of web browsers

Adds Run key to start application

Looks up external IP address via web service

Drops file in System32 directory

Epsilon Stealer

Checks computer location settings

Loads dropped DLL

Reads user/profile data of web browsers

Adds Run key to start application

Looks up external IP address via web service

Drops file in System32 directory

Epsilon Stealer

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Looks up external IP address via web service

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14