epsilon | b47f73bf0d87c2fe768dbf54802833d30c01c3980a4000e541f2da73a802c9f3 | Triage

Sharing

General

Target

RAM.zip
Size

31.1MB
Sample

240228-w83v5sba53
MD5

53d363d68befbf2b31a0dd97d7c16cb4
SHA1

197a68f09a0ebdde88ce776b5446b1d930faed97
SHA256

b47f73bf0d87c2fe768dbf54802833d30c01c3980a4000e541f2da73a802c9f3
SHA512

9a768a87c5fa83d71acdd10f03bba8d1f51543dacaf59300a54d9735563eac00821a9cb82ed702e53ab88b8f4b2cd84716b898f6e7d97c28026e184bfde9b0c3
SSDEEP

786432:y00m+tHJe5XwvHs7d05aT8g6SJ5g4xZv3Qn4VZ7Mt1T:7/+B8Xw0Zye8g665g4xmS7MtJ

Score

10^/10

epsilon persistence spyware stealer

Malware Config

Targets

- Target
  
  RAM.exe
- Size
  
  651KB
- MD5
  
  7cee4e8c43b5c92d57a3d809559c92e0
- SHA1
  
  7e6a7013b0d027d58611f2cd6f461f18155ca34a
- SHA256
  
  3e93ec5cc0224e1f7c4d6eaa6a34a333526058d622a5466bbcf833f3a1ce625f
- SHA512
  
  6216619de06fd7f0e5adde4a4c8860862c265d8a9f70a077656add39a4b5eb1d87325a4d3bb579e0780a5423240356616ecb385b8b5575c09c8c79781aa445d1
- SSDEEP
  
  3072:kQJHVdFgIW9mYucJ/OD8JVsIl3rLIr67G2E1:5H7FG9mpcJ/OD8qrn
Score

10^/10

epsilon persistence spyware stealer
- Epsilon Stealer
  Information stealer.
  stealer epsilon
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

epsilonpersistencespywarestealer