General
-
Target
Mauqes.exe
-
Size
63.2MB
-
Sample
240323-m4t8rsfe86
-
MD5
7ea675c9c76d7955b70e89f3f477fed3
-
SHA1
cd30343f0088461da30fb5c210a0d8f87b267a3f
-
SHA256
6d9cbfd099d91fc5d53512f90bdcf8a7675cfd9a93b533a31ac2b2a8a5f6fbb4
-
SHA512
ed55567bc1607c67b8a847c6d7122a32652edab64b5a023602ea016c20877291e5dc6884dbcaa371fefc87c8d5177e5939ce5407530d630ef424bce774d4c7a5
-
SSDEEP
1572864:dtDrpm8DLMpTAOZp9kKzHzpoxQEB0Jj0iwMDcjgbMc7v3/+m7yA8:Ppm8DLyZpftbh0iwMDc8b77+m7yA8
Malware Config
Targets
-
-
Target
Mauqes.exe
-
Size
63.2MB
-
MD5
7ea675c9c76d7955b70e89f3f477fed3
-
SHA1
cd30343f0088461da30fb5c210a0d8f87b267a3f
-
SHA256
6d9cbfd099d91fc5d53512f90bdcf8a7675cfd9a93b533a31ac2b2a8a5f6fbb4
-
SHA512
ed55567bc1607c67b8a847c6d7122a32652edab64b5a023602ea016c20877291e5dc6884dbcaa371fefc87c8d5177e5939ce5407530d630ef424bce774d4c7a5
-
SSDEEP
1572864:dtDrpm8DLMpTAOZp9kKzHzpoxQEB0Jj0iwMDcjgbMc7v3/+m7yA8:Ppm8DLyZpftbh0iwMDc8b77+m7yA8
Score10/10-
Epsilon Stealer
Information stealer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-