General

  • Target

    WindowsBootManager.exe

  • Size

    71.6MB

  • Sample

    240301-bf3z8ahe79

  • MD5

    763fe76cfb74520371f11edc54a5f967

  • SHA1

    992d733d68935db8750823bdae706e524d1ac38b

  • SHA256

    04250971d56c72dc744d4ea36dc31537ea9eb651faee0952807f4505b7a2f456

  • SHA512

    c2d2cee82a8584305b205c1d5364f89c1f6fac4e1798a707bcf7c09d0981517f7e0c24c14ed7afebaee766b14f3bed4ae64d7dd0172e528aea2b5b03438b6b00

  • SSDEEP

    1572864:fejOS3tMFWNDEUH3UVXAgneMGXXA/T1eBZGURkmiXgMWN:f8YWZEVVEnHMT1eNre7WN

Score
10/10

Malware Config

Targets

    • Target

      WindowsBootManager.exe

    • Size

      71.6MB

    • MD5

      763fe76cfb74520371f11edc54a5f967

    • SHA1

      992d733d68935db8750823bdae706e524d1ac38b

    • SHA256

      04250971d56c72dc744d4ea36dc31537ea9eb651faee0952807f4505b7a2f456

    • SHA512

      c2d2cee82a8584305b205c1d5364f89c1f6fac4e1798a707bcf7c09d0981517f7e0c24c14ed7afebaee766b14f3bed4ae64d7dd0172e528aea2b5b03438b6b00

    • SSDEEP

      1572864:fejOS3tMFWNDEUH3UVXAgneMGXXA/T1eBZGURkmiXgMWN:f8YWZEVVEnHMT1eNre7WN

    Score
    10/10

    • Epsilon Stealer

      Information stealer.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      WindowsBootManager.exe

    • Size

      168.6MB

    • MD5

      2c11c9fd2618f52433766e7601fc0ab6

    • SHA1

      5431178570a6040912ec7486fbb677b8c423c6f5

    • SHA256

      b29714d2a978638b6ce17ec1c16f8344e46379c93f1e88225bc962419b9d1c04

    • SHA512

      b0a66392aff2f7eb8d019cb9d7c210a9fa76090985eb35d2cb032c44f345705720f6cb1889eff3aa3c2a3b9587f26bfbfc3d247e7a6229ef1882ee0890e95e89

    • SSDEEP

      1572864:sXic4qb6IXgDaJfpEQHgelkLK4z34xGWw0TwW1T/qWhehZvmCtS3JPfyzG49FndX:yVKvWZ8tyx4u

    Score
    10/10

    • Epsilon Stealer

      Information stealer.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks