epsilon | 4728b5eb6799fbe8850e03e7f7c73ceb7e530010b6179e157a016a6519cd1a31 | Triage

Sharing

General

Target

MariyelTherapy_Launcher.exe
Size

63.0MB
Sample

240327-n5c7babe64
MD5

322b47588bff2fcebe8c7f61bd3f3be6
SHA1

53369f34f3bdfe61527cdc32ddc9fa3e93829566
SHA256

4728b5eb6799fbe8850e03e7f7c73ceb7e530010b6179e157a016a6519cd1a31
SHA512

138de9d0086baa5033756c16e79e833e2aaefb02f6631bd91e6ed9305052eb5e2241160fff6432581b77282c18ec5ac4a1471f0553bedd420ed68bee73aa3ae3
SSDEEP

1572864:QtDq4/7Mqz47jdK1vaCZkxU/XuQqDFcGitncH0kQFPKJQz8:POns7jdcu7PFjiaHp4bz8

Score

10^/10

epsilon persistence spyware stealer

Malware Config

Targets

- Target
  
  MariyelTherapy_Launcher.exe
- Size
  
  63.0MB
- MD5
  
  322b47588bff2fcebe8c7f61bd3f3be6
- SHA1
  
  53369f34f3bdfe61527cdc32ddc9fa3e93829566
- SHA256
  
  4728b5eb6799fbe8850e03e7f7c73ceb7e530010b6179e157a016a6519cd1a31
- SHA512
  
  138de9d0086baa5033756c16e79e833e2aaefb02f6631bd91e6ed9305052eb5e2241160fff6432581b77282c18ec5ac4a1471f0553bedd420ed68bee73aa3ae3
- SSDEEP
  
  1572864:QtDq4/7Mqz47jdK1vaCZkxU/XuQqDFcGitncH0kQFPKJQz8:POns7jdcu7PFjiaHp4bz8
Score

10^/10

epsilon spyware stealer persistence
- Epsilon Stealer
  Information stealer.
  stealer epsilon
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

epsilonspywarestealer

behavioral3

epsilonspywarestealer

behavioral4

epsilonpersistencespywarestealer