General

  • Target

    Epsilon_Stealer_Builder.exe

  • Size

    72.0MB

  • Sample

    240302-w94ttsfh9s

  • MD5

    2350b01f3bfec173db0f4e75f3bc9745

  • SHA1

    e0db60633ccdb6b059d82ff16e99e1424a9d7099

  • SHA256

    792c5a06322b027c6e5dd2100de407f9d30a23b60a380acbb7d749b2538e6e97

  • SHA512

    c08eefc34f03561784faae22281f0097a73d3189c97561fcc1e234019f176eb3703ac514fe3c96df22680db53b44399fe842dfe63f853f628291b1b15e79a3aa

  • SSDEEP

    1572864:oejOS3H8eyCCVkM8EUzzKkUsUwrfMnF6peB3DvENgTgT0N9X74cqN:oMFWR8EQawTMnFRDENgTgT0TjqN
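Before attaching any of the indicators above to a detection or a ticket, recompute the hashes of the file you actually hold and confirm they match the report. The script below is an added example and is not part of the sandbox report or the sample: it hashes a stream in chunks (the targets here are 72 MB and 168 MB, so reading them whole is wasteful), compares the digests with the reported values case-insensitively, and names which of the three reported targets a file is by SHA-256. The only values copied from the report are the three SHA-256 digests in `REPORTED_TARGETS`; everything else is assumed for illustration.

```python
"""Recompute and verify the file hashes listed in a sandbox report.

Added example, not part of the report. Only hashlib is needed.
"""
import hashlib
import io
from typing import BinaryIO, Dict, Optional

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")

# SHA-256 of each target exactly as the report lists it, keyed by file name.
REPORTED_TARGETS = {
    "Epsilon_Stealer_Builder.exe":
        "792c5a06322b027c6e5dd2100de407f9d30a23b60a380acbb7d749b2538e6e97",
    "pepsi.exe":
        "bd11164bf4ddeb482b1554a441492daf22a4815c0750433df0f27c8a1f5745f8",
    "resources/elevate.exe":
        "9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37",
}


def hash_stream(stream: BinaryIO, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Feed the stream to all four hashers in chunks and return hex digests."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data: bytes, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Convenience wrapper for in-memory data (tests, small droppers)."""
    return hash_stream(io.BytesIO(data), chunk_size)


def hash_file(path: str) -> Dict[str, str]:
    """Hash a file on disk without loading it whole into memory."""
    with open(path, "rb") as fh:
        return hash_stream(fh)


def verify(digests: Dict[str, str], expected: Dict[str, str]) -> Dict[str, bool]:
    """Compare computed digests with reported ones, ignoring case and whitespace.

    Returns {algorithm: matched} for every algorithm present in both dicts;
    a single False means the file is not the one the report describes.
    """
    return {
        alg: digests[alg].lower() == value.strip().lower()
        for alg, value in expected.items()
        if alg in digests
    }


def identify_target(digests: Dict[str, str]) -> Optional[str]:
    """Return the reported target name whose SHA-256 matches, else None."""
    sha256 = digests["sha256"].lower()
    for name, reported in REPORTED_TARGETS.items():
        if sha256 == reported:
            return name
    return None


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        d = hash_file(path)
        print(path, identify_target(d) or "not a reported target", d["sha256"])
```

Run it as `python verify_hashes.py Epsilon_Stealer_Builder.exe pepsi.exe` (the script name is assumed). Any algorithm that fails `verify()` means you are looking at a different build than the one analysed, and the behaviours listed below should not be assumed to apply to it.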

Malware Config

Targets

    • Target

      Epsilon_Stealer_Builder.exe

    • Size

      72.0MB

    • MD5

      2350b01f3bfec173db0f4e75f3bc9745

    • SHA1

      e0db60633ccdb6b059d82ff16e99e1424a9d7099

    • SHA256

      792c5a06322b027c6e5dd2100de407f9d30a23b60a380acbb7d749b2538e6e97

    • SHA512

      c08eefc34f03561784faae22281f0097a73d3189c97561fcc1e234019f176eb3703ac514fe3c96df22680db53b44399fe842dfe63f853f628291b1b15e79a3aa

    • SSDEEP

      1572864:oejOS3H8eyCCVkM8EUzzKkUsUwrfMnF6peB3DvENgTgT0N9X74cqN:oMFWR8EQawTMnFRDENgTgT0TjqN

    • Epsilon Stealer

      Information stealer.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check to avoid running in certain regions.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser data, which can include saved credentials and other stored secrets.

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

    • Target

      pepsi.exe

    • Size

      168.6MB

    • MD5

      c17cab3d604bfd20b776a7c7af579162

    • SHA1

      eaec5d62422089da08bdc6bc9be8fc1dbaa60af8

    • SHA256

      bd11164bf4ddeb482b1554a441492daf22a4815c0750433df0f27c8a1f5745f8

    • SHA512

      dd9c269faee9faea1ed6df4043c1472cd9706eced55ed112cd26aa2075c87ffa3b0345e8b2a46bb3ace113fc497125123ef317a77dd844e58b7ed4a49bd95423

    • SSDEEP

      1572864:KXic4qb6IXgDaJfpEQHgelkLK4z34xGWw0TwW1T/qWhehZvmCtS3JPfyzG49FndX:UVKvWZ8tyx4u

    Score: 10/10
    • Epsilon Stealer

      Information stealer.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check to avoid running in certain regions.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser data, which can include saved credentials and other stored secrets.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

    • Target

      resources/elevate.exe

    • Size

      105KB

    • MD5

      792b92c8ad13c46f27c7ced0810694df

    • SHA1

      d8d449b92de20a57df722df46435ba4553ecc802

    • SHA256

      9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37

    • SHA512

      6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

    • SSDEEP

      3072:1bLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWl:1PrwRhte1XsE1l

    Score: 1/10
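The signatures listed for Epsilon_Stealer_Builder.exe and pepsi.exe (registry lookup of the country code, reading browser profile data, a Run key for persistence, an external IP lookup, a file dropped in System32) are each individually unremarkable; what makes the verdict is seeing them together from one process. The following added example, which is not Triage's signature engine or code from the sample, matches a constructed set of behaviour events against rules for those five signatures and scores each process by the combination. The event format, the registry path `Control Panel\International\Geo\Nation`, the IP-lookup hostnames and the browser profile file names are assumptions chosen to illustrate the logic; the report names the behaviours, not the exact artefacts.

```python
"""Combine per-event behaviour rules into a per-process verdict.

Added example, not the sandbox's own signature engine. Events, paths and
hostnames below are constructed/assumed for illustration.
"""
import re
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# Constructed events, one per line: <pid> <image-without-spaces> <event_type> <target>
CONSTRUCTED_EVENTS = """\
4321 C:\\Users\\victim\\AppData\\Local\\Temp\\pepsi.exe RegQueryValue HKCU\\Control Panel\\International\\Geo\\Nation
4321 C:\\Users\\victim\\AppData\\Local\\Temp\\pepsi.exe FileRead C:\\Users\\victim\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data
4321 C:\\Users\\victim\\AppData\\Local\\Temp\\pepsi.exe RegSetValue HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\pepsi
4321 C:\\Users\\victim\\AppData\\Local\\Temp\\pepsi.exe DnsQuery api.ipify.org
4321 C:\\Users\\victim\\AppData\\Local\\Temp\\pepsi.exe FileCreate C:\\Windows\\System32\\drivers\\etc\\hosts.bak
1234 C:\\Windows\\explorer.exe RegQueryValue HKCU\\Control Panel\\International\\Geo\\Nation
"""

EVENT_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<image>\S+)\s+(?P<etype>\S+)\s+(?P<target>.+)$")

# (signature name, event types it applies to, pattern on the event target).
# Registry path, file names and hostnames are assumed representative values.
SIGNATURES: List[Tuple[str, Set[str], re.Pattern]] = [
    ("checks_computer_location", {"RegQueryValue", "RegOpenKey"},
     re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)),
    ("reads_browser_profile", {"FileRead", "FileOpen"},
     re.compile(r"\\(Login Data|Web Data|Cookies|logins\.json)$", re.I)),
    ("adds_run_key", {"RegSetValue"},
     re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.I)),
    ("external_ip_lookup", {"DnsQuery", "HttpRequest"},
     re.compile(r"^(api\.ipify\.org|ipinfo\.io|ip-api\.com|icanhazip\.com)$", re.I)),
    ("drops_file_in_system32", {"FileCreate", "FileWrite"},
     re.compile(r"^C:\\Windows\\System32\\", re.I)),
]

# Weights are assumed: the geofence read alone is benign, the combination is not.
WEIGHTS = {
    "checks_computer_location": 1,
    "reads_browser_profile": 4,
    "adds_run_key": 2,
    "external_ip_lookup": 2,
    "drops_file_in_system32": 1,
}


def parse_events(text: str) -> List[Dict[str, str]]:
    """Parse the line format above; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def match_signatures(events: List[Dict[str, str]]) -> Dict[Tuple[int, str], Set[str]]:
    """Return {(pid, image): {signature names}} for every process that hit a rule."""
    hits: Dict[Tuple[int, str], Set[str]] = defaultdict(set)
    for ev in events:
        for name, etypes, pattern in SIGNATURES:
            if ev["etype"] in etypes and pattern.search(ev["target"]):
                hits[(int(ev["pid"]), ev["image"])].add(name)
    return dict(hits)


def score(signatures: Set[str]) -> int:
    """Sum the weights of the matched signatures, capped at 10 like the report's scale."""
    return min(10, sum(WEIGHTS[s] for s in signatures))


if __name__ == "__main__":
    for (pid, image), sigs in match_signatures(parse_events(CONSTRUCTED_EVENTS)).items():
        print(pid, image, score(sigs), sorted(sigs))
```

With the constructed events, pepsi.exe scores 10 and explorer.exe, which only read the country code, scores 1. When adapting this to real telemetry, keep the per-process grouping: the same five rules applied to events in isolation will flag legitimate software that looks up its locale or its public IP.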

MITRE ATT&CK Enterprise v15

Tasks