epsilon | 8863f887505fb33aa29b652cb3f84999c63da172d917b96ea7958a869d508506 | Triage

Resubmissions

23-03-2024 20:50

240323-zmtl5aeg7z 10

23-03-2024 01:09

240323-bh4drsbd56 10

22-03-2024 21:56

240322-1tr8baca3v 10

22-03-2024 02:58

240322-dglhnsff49 10

Sharing

General

Target

8863f887505fb33aa29b652cb3f84999c63da172d917b96ea7958a869d508506.exe
Size

81.5MB
Sample

240323-bh4drsbd56
MD5

9a7871e4a4d97bd0843c03413d92fd65
SHA1

80cba1b157a43b9c9fd3fe500f2f8b3acf89a023
SHA256

8863f887505fb33aa29b652cb3f84999c63da172d917b96ea7958a869d508506
SHA512

4ed36eb531c98e4bb4137b5d94b24c8e5804228c614d59147c9d0d28c2f0398b0a08a757fd873621a01e3e74ba30c9bae6c36202e480e5bb4280793b2c4efeaa
SSDEEP

1572864:Yqu78D7epWriSNcfEXk+R8W7Vb8Rfw9QbsGQJB9pepBifT8:Yqf748heiR8KVbufw9Y024T8

Score

10^/10

epsilon persistence spyware stealer

Malware Config

Targets

- Target
  
  8863f887505fb33aa29b652cb3f84999c63da172d917b96ea7958a869d508506.exe
- Size
  
  81.5MB
- MD5
  
  9a7871e4a4d97bd0843c03413d92fd65
- SHA1
  
  80cba1b157a43b9c9fd3fe500f2f8b3acf89a023
- SHA256
  
  8863f887505fb33aa29b652cb3f84999c63da172d917b96ea7958a869d508506
- SHA512
  
  4ed36eb531c98e4bb4137b5d94b24c8e5804228c614d59147c9d0d28c2f0398b0a08a757fd873621a01e3e74ba30c9bae6c36202e480e5bb4280793b2c4efeaa
- SSDEEP
  
  1572864:Yqu78D7epWriSNcfEXk+R8W7Vb8Rfw9QbsGQJB9pepBifT8:Yqf748heiR8KVbufw9Y024T8
Score

10^/10

epsilon persistence spyware stealer
- Epsilon Stealer
  Information stealer.
  stealer epsilon
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

epsilonpersistencespywarestealer

behavioral2

epsilonspywarestealer

behavioral3

epsilonpersistencespywarestealer