epsilon | ad4642554c90e7ec94d8cb88b630c23bfbbf3c4a8144cf58d1cfbc8b2479aed3 | Triage

Sharing

General

Target

EmberLast.rar
Size

81.4MB
Sample

240324-1psnaabh3w
MD5

b266063fc3a8a680db31f5232991007d
SHA1

0dd468750aadb47bad2064f010bb56b8f81a4155
SHA256

ad4642554c90e7ec94d8cb88b630c23bfbbf3c4a8144cf58d1cfbc8b2479aed3
SHA512

fdc18865e0e208f89d144f807ad03555cee5ed29850159122a059222f75ff9c0fe7e477b09e1b6eee874490f6c8a4966674e5e01f61f3df5f9681c9ca3a03ec3
SSDEEP

1572864:a2U5VJAAp7uLGrsXYXtZIzJQzfnxbo5q/BeOvNoh7yLJ2Y+AmLB:HU6ApCimYXUQ/17BhvCh7Ux+xLB

Score

10^/10

epsilon spyware stealer

Malware Config

Targets

- Target
  
  EmberLast.exe
- Size
  
  81.6MB
- MD5
  
  ca40912723ba3454c9d89a73f77cb728
- SHA1
  
  54d9c0f71feae2938ca2281d700ab670e79fda29
- SHA256
  
  86e4e34b6c10ec80578ab17c4c6ff33b0a2957f35e1b2eff3316cb66c019b655
- SHA512
  
  6b719d0218f3491790433d7f0cf90b07de97a43a7150b8342faa3defc66095f6fd1c87802c83b16d6d67f50a05b1a53c47236df060cea01f15f9f63140f188f3
- SSDEEP
  
  1572864:qqu7JfbEGBtbXLrTq7jWM21je5s86egNpCPj5GrmabV+IS9EKvX8:qqyDxb/qX2S+8Zipgj5RhNf8
Score

10^/10

epsilon spyware stealer
- Epsilon Stealer
  Information stealer.
  stealer epsilon
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

epsilonspywarestealer

behavioral3

behavioral4

epsilonspywarestealer