General

  • Target: LibManager.exe
  • Size: 71.8MB
  • Sample: 240228-wwktssae6z
  • MD5: d7d2e9ce66ed971ac9bc6d0f8a9413e1
  • SHA1: b622b28ac1b52aa5546ef097118d8aeaa2eecfd4
  • SHA256: ae5c9711a2a1d7480ff3a4893f1ae8ac3d2fd39ec869f08685600ef09cf79825
  • SHA512: 4b0acefb9ad96418a8186c118dc3b21526c56bb2d67844f94316278c97cee40cd7c8ee00ba85c5afc923fa5db81b19e0d47461a3ff61e945a0dafd769ba7b322
  • SSDEEP: 1572864:9ejOS3QMOXDuDyEUBypdsF9y7+MRl0+MdNks7unTv1k+lGSfh42Z4cgN:9B5aeEAySK+Mn0+oND7qtGS3gN

Targets

    • Target: LibManager.exe
    • Size: 71.8MB
    • MD5: d7d2e9ce66ed971ac9bc6d0f8a9413e1
    • SHA1: b622b28ac1b52aa5546ef097118d8aeaa2eecfd4
    • SHA256: ae5c9711a2a1d7480ff3a4893f1ae8ac3d2fd39ec869f08685600ef09cf79825
    • SHA512: 4b0acefb9ad96418a8186c118dc3b21526c56bb2d67844f94316278c97cee40cd7c8ee00ba85c5afc923fa5db81b19e0d47461a3ff61e945a0dafd769ba7b322
    • SSDEEP: 1572864:9ejOS3QMOXDuDyEUBypdsF9y7+MRl0+MdNks7unTv1k+lGSfh42Z4cgN:9B5aeEAySK+Mn0+oND7qtGS3gN

    Score: 7/10
    • Executes dropped EXE
    • Loads dropped DLL

    • Target: LibManager.exe
    • Size: 168.6MB
    • MD5: 2f587263b9ed87d40c312797c5909642
    • SHA1: 2546e7de3159ec813ebb7bf277178c51ecb00803
    • SHA256: 8d188a5d229b21f549fefddbf83d3da21cc535b843cb977fdf71a8f609cec155
    • SHA512: e6bee59e438172061882103364f408a8da66c8a1d999085bfc79060cc2672a9171876761443a24039e092685a2088995a8494d4a58915efb996575235d211a33
    • SSDEEP: 1572864:CXic4qb6IXgDaJfpEQHgelkLK4z34xGWw0TwW1T/qWhehZvmCtS3JPfyzG49FndX:cVKvWZ8tyx4u

    • Epsilon Stealer: information stealer.
    • Checks computer location settings: looks up the country code configured in the registry, likely for geofencing.
    • Loads dropped DLL
    • Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials and similar data.
    • Adds Run key to start application
    • Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
    • Drops file in System32 directory

    • Target: ffmpeg.dll
    • Size: 2.7MB
    • MD5: ba0f13758adb6aec4c6d87749af59467
    • SHA1: 0b3c725fd344f38f3a62e17372219e3fd62a1020
    • SHA256: d25b0f4eabcd8b3dc0e0af492fb1c4870cbbd30f59cd5259e53fe010a2710af2
    • SHA512: ef0fd5da19e764cba8e7525f58f543b2a25e49ff84a40f9f09779e20c45fd9aa596cec18916cd4967873ef9c877d30a983c91b06a6cf2b77b16736365498ee50
    • SSDEEP: 49152:PPDtyvMYqXiOaeQ3NZ+GEMDbG7m8x7n6mfu/oBLpweNsgMzqvU7n7xN:PSOONYbQG7m8bdazl7n7r

    Score: 1/10

    • Target: resources/app.asar
    • Size: 34.3MB
    • MD5: f0447dc326b3de69dfc474a80a925dd5
    • SHA1: 1f4641a7fb588aa27acf4f2da9adec2af28c18a8
    • SHA256: c72589ebc010ab23f1e268e5787ca78f0acfd1e67d0e381294c6d46a72301574
    • SHA512: 9a5d7155f1d2a6c6ffbb8b7ed958bb3b69a9d4e77a6bf428436de0afb8f4e4621828a58cc0c648066074ff1283caede14d08dc319943ff1baab88e2c555c2b34
    • SSDEEP: 98304:cuACM1/J2C2fpuwKRcySvu6vtP6bvvAxJjwD3yWN8eVwgbA4De+FDIoZGdIy4nOJ:3ACMx4tu/mtP6kv5P7jzkzXSUGRd

    Score: 3/10