epsilon | 8d3b0bea3592ec54d15fb7bdfcaefd259fb822ccc0e865e6a19a3d168081b56b

General

Target

WindowsBootManager.exe
Size

71.8MB
Sample

240304-ax9zesdg38
MD5

1471484006e8e2322e691874b96d00e9
SHA1

90c130407416ac00e6ecc6b74c94943fb4ce8b83
SHA256

8d3b0bea3592ec54d15fb7bdfcaefd259fb822ccc0e865e6a19a3d168081b56b
SHA512

3ff0b74f23487f4903d874407f5909af4619a3bf1646702586d3ef9eef0ea37809963cb87bcb39fe742a0a897a8822ed7be54846610cfa8497feb1b232ae3d7b
SSDEEP

1572864:GejOS32Mmwxg5rEUH3UVXAgneMGXXA/T1eBZGURkmiXgMlN:GfZGAEVVEnHMT1eNre7lN

Score

10^/10

Malware Config

Targets

- Target
  
  WindowsBootManager.exe
- Size
  
  71.8MB
- MD5
  
  1471484006e8e2322e691874b96d00e9
- SHA1
  
  90c130407416ac00e6ecc6b74c94943fb4ce8b83
- SHA256
  
  8d3b0bea3592ec54d15fb7bdfcaefd259fb822ccc0e865e6a19a3d168081b56b
- SHA512
  
  3ff0b74f23487f4903d874407f5909af4619a3bf1646702586d3ef9eef0ea37809963cb87bcb39fe742a0a897a8822ed7be54846610cfa8497feb1b232ae3d7b
- SSDEEP
  
  1572864:GejOS32Mmwxg5rEUH3UVXAgneMGXXA/T1eBZGURkmiXgMlN:GfZGAEVVEnHMT1eNre7lN
Score

10^/10

epsilon spyware stealer
- Epsilon Stealer
  Information stealer.
  stealer epsilon
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  WindowsBootManager.exe
- Size
  
  168.6MB
- MD5
  
  2c11c9fd2618f52433766e7601fc0ab6
- SHA1
  
  5431178570a6040912ec7486fbb677b8c423c6f5
- SHA256
  
  b29714d2a978638b6ce17ec1c16f8344e46379c93f1e88225bc962419b9d1c04
- SHA512
  
  b0a66392aff2f7eb8d019cb9d7c210a9fa76090985eb35d2cb032c44f345705720f6cb1889eff3aa3c2a3b9587f26bfbfc3d247e7a6229ef1882ee0890e95e89
- SSDEEP
  
  1572864:sXic4qb6IXgDaJfpEQHgelkLK4z34xGWw0TwW1T/qWhehZvmCtS3JPfyzG49FndX:yVKvWZ8tyx4u
Score

10^/10

epsilon spyware stealer
- Epsilon Stealer
  Information stealer.
  stealer epsilon
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
behavioral3 behavioral4