General

  • Target: Relase.rar
  • Size: 72.0MB
  • Sample: 240319-lrmgqahd9s
  • MD5: 89072205626a094aca30cb8fb7d88676
  • SHA1: 57553648323192a09223a645ac1625e7fb086ee0
  • SHA256: f9cf48c044d90c94f4814a0577cc36a7ba1ac5dbc9652b2e0e498162a042494d
  • SHA512: c4f36f6de6b898f129888bd92015462a7d0203dc33a52e6ad84c0a4dbf12d1e261e887149d5148aebfebc8e07656b394d9da33872a6d3ed6fb92a595eb02bb12
  • SSDEEP: 1572864:tejOS3vf8SEuUfuVpWO9cC4LG8UzK+uxoG+YYfeGn+yn0y:t+HEWp0C4LGnsX+YYR+dy

Score: 10/10

Malware Config

Targets

    • Target: Launcher.exe
    • Size: 72.0MB
    • MD5: 043e915471323e762e76803853cda28e
    • SHA1: 8ec1f578b126764217dc696c82a2e0dab6f3b906
    • SHA256: 3b6c17f5720f2db7a5b695486da9f5d298c35ab9a274a5760f5191d24f3188bd
    • SHA512: f61d0c6408f0be97519ef8127f5130b28965272c15124a3953a9579bc8e92c79dadbfcc92f5b520a745736a218995be98245654440fd794d4085410eea18bb00
    • SSDEEP: 1572864:FejOS3vf8SEuUfuVpWO9cC4LG8UzK+uxoG+YYfeGn+yn0N:F+HEWp0C4LGnsX+YYR+dN

    Score: 10/10

    • Epsilon Stealer

      Information stealer.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

    • Target: Launcher.exe
    • Size: 168.6MB
    • MD5: 71598bb3157d11573761bda2392adfb0
    • SHA1: fb505e666e4075151aae16aaab549310facbe3ad
    • SHA256: cadd70e3070ab72a953f924fa8854ea92727b2f8c664a5cebc69188065d4244f
    • SHA512: c77f2743aa81c56c8c72180f43db37868abe330295c60c097c9f45dae85a454bd6a666055afe197926e9ed3e7fce22b117d8f79876c8beb47df4274f77bde00f
    • SSDEEP: 1572864:qXic4qb6IXgDaJfpEQHgelkLK4z34xGWw0TwW1T/qWhehZvmCtS3JPfyzG49FndX:0VKvWZ8tyx4u

    Score: 10/10

    • Epsilon Stealer

      Information stealer.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

    • Target: resources/app.asar.unpacked/node_modules/screenshot-desktop/lib/win32/screenCapture_1.3.2.bat
    • Size: 13KB
    • MD5: da0f40d84d72ae3e9324ad9a040a2e58
    • SHA1: 4ca7f6f90fb67dce8470b67010aa19aa0fd6253f
    • SHA256: 818350a4fb4146072a25f0467c5c99571c854d58bec30330e7db343bceca008b
    • SHA512: 30b7d4921f39c2601d94a3e3bb0e3be79b4b7b505e52523d2562f2e2f32154d555a593df87a71cddb61b98403265f42e0d6705950b37a155dc1d64113c719fd9
    • SSDEEP: 384:4cr8sEcBeIXxqXhQsBxf5oBLBfXQM8ybCpGW1KTM+:4KEcRQBTxWlPZxWpG+Qx

    Score: 7/10

    • Executes dropped EXE

    • Target: resources/elevate.exe
    • Size: 105KB
    • MD5: 792b92c8ad13c46f27c7ced0810694df
    • SHA1: d8d449b92de20a57df722df46435ba4553ecc802
    • SHA256: 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
    • SHA512: 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40
    • SSDEEP: 3072:1bLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWl:1PrwRhte1XsE1l

    Score: 1/10

MITRE ATT&CK Enterprise v15

Tasks