epsilon | 9ab402a0de3e64411eaefcbd0eb004e4eaffa635a3a737cb41646cd6fbf06fa9

Sharing

Copy URL

Twitter E-mail

General

Target

322b47588bff2fcebe8c7f61bd3f3be6.bin
Size

62.9MB
Sample

240329-bv5scsdh8s
MD5

907db2696f9dfab28de226f43b9cc51c
SHA1

1ad2e5fd2a6008efadf6736db9cc103ad2823c3f
SHA256

9ab402a0de3e64411eaefcbd0eb004e4eaffa635a3a737cb41646cd6fbf06fa9
SHA512

9539962947af43bfa0b3520682c5b3e41a4a984765639a3b1bf7fabfa6ca45e55e0012fd10c98f964c04aec8cd6312fcd5d77e2a0a83610f03189542d90ac8b3
SSDEEP

1572864:HSO3Qn+WpjcJ9zODEN+cQALglPLkXPi/3KL6:H53rYEHQALmikl

Score

10^/10

Malware Config

Targets

- Target
  
  4728b5eb6799fbe8850e03e7f7c73ceb7e530010b6179e157a016a6519cd1a31.exe
- Size
  
  63.0MB
- MD5
  
  322b47588bff2fcebe8c7f61bd3f3be6
- SHA1
  
  53369f34f3bdfe61527cdc32ddc9fa3e93829566
- SHA256
  
  4728b5eb6799fbe8850e03e7f7c73ceb7e530010b6179e157a016a6519cd1a31
- SHA512
  
  138de9d0086baa5033756c16e79e833e2aaefb02f6631bd91e6ed9305052eb5e2241160fff6432581b77282c18ec5ac4a1471f0553bedd420ed68bee73aa3ae3
- SSDEEP
  
  1572864:QtDq4/7Mqz47jdK1vaCZkxU/XuQqDFcGitncH0kQFPKJQz8:POns7jdcu7PFjiaHp4bz8
Score

10^/10

epsilon spyware stealer
- Epsilon Stealer
  Information stealer.
  stealer epsilon
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/StdUtils.dll
- Size
  
  100KB
- MD5
  
  c6a6e03f77c313b267498515488c5740
- SHA1
  
  3d49fc2784b9450962ed6b82b46e9c3c957d7c15
- SHA256
  
  b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
- SHA512
  
  9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
- SSDEEP
  
  3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  0d7ad4f45dc6f5aa87f606d0331c6901
- SHA1
  
  48df0911f0484cbe2a8cdd5362140b63c41ee457
- SHA256
  
  3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
- SHA512
  
  c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
- SSDEEP
  
  192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score

3^/10
behavioral5 behavioral6
- Target
  
  Epsilon.exe
- Size
  
  134.3MB
- MD5
  
  128d442c123dbbeefecbffea681b591b
- SHA1
  
  88eaf983ab17105eab1e399794f84f50f0ce6d43
- SHA256
  
  a12809190b023bc9ea27d62ef20c705ecdfc59e93c081ee5af996c5b484c325b
- SHA512
  
  779f1b557de61fbf9dad1fe04149c18c26a1cabf8beb2c57c2dd57a1a4be3a88187ffbef8657bcd948a0a6d40ea0f09c3381b290fd597210f039b854dec41eb1
- SSDEEP
  
  1572864:XicLgaO9p7sMMcmhRhgBx/CyhwGKsME1:khTRsJE1
Score

10^/10

epsilon persistence spyware stealer
- Epsilon Stealer
  Information stealer.
  stealer epsilon
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral7 behavioral8
- Target
  
  LICENSES.chromium.html
- Size
  
  5.2MB
- MD5
  
  27206d29e7a2d80ee16f7f02ee89fb0f
- SHA1
  
  3cf857751158907166f87ed03f74b40621e883ef
- SHA256
  
  2282bc8fe1798971d5726d2138eda308244fa713f0061534b8d9fbe9453d59ab
- SHA512
  
  390c490f7ff6337ee701bd7fc866354ef1b821d490c54648459c382ba63c1e8c92229e1b089a3bd0b701042b7fa9c6d2431079fd263e2d6754523fce200840e2
- SSDEEP
  
  12288:/7etnqnVnMnBnunQ9RBvjYJEi400/Q599b769B9UOE6MwMGucMEbHDuX0YnpWQZO:sFEc5FeWSPZza8yUMmfSHCHWJ4pps
Score

1^/10
behavioral10 behavioral9
- Target
  
  d3dcompiler_47.dll
- Size
  
  4.3MB
- MD5
  
  7641e39b7da4077084d2afe7c31032e0
- SHA1
  
  2256644f69435ff2fee76deb04d918083960d1eb
- SHA256
  
  44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47
- SHA512
  
  8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5
- SSDEEP
  
  49152:aYlc/220PPiMLKam+VMrLi21f4i3jn5ZO3XUDmOZQwVd2uQpN3WsGVUWd55i/jrs:a6KD2Mrdaix4NQnLt
Score

1^/10
behavioral11
- Target
  
  ffmpeg.dll
- Size
  
  2.6MB
- MD5
  
  df91054cae8a363d1c54e588cac92d45
- SHA1
  
  c505ea5a1cdc8a0e4ece29cdc3d51dd01a2d40fc
- SHA256
  
  f30d30e28ac7d14d6aaccd28f4fc92a47440bd8b7109bd3c44572ac85ea3ca6d
- SHA512
  
  98849cd0f0ce4e0a5f0c181bf37076d5017e70296c052d2230d83c34da7f412791c4df64505f57d8aca7664dafa996122f0b66f89d8ffd79cc911700f0331039
- SSDEEP
  
  49152:514LZeiXTFI6vTD9MxCAJ0qsOw0FZnHzKedVLes+/EnvIS:M7hMxjk0vB
Score

1^/10
behavioral12 behavioral13
- Target
  
  libEGL.dll
- Size
  
  431KB
- MD5
  
  581865902ddddce8fafaae80c04b9354
- SHA1
  
  33b7d75394021db65756730717d5c360b4ff5555
- SHA256
  
  5c472a5929a4829036f730735d065a34dc8789041b415c57b0905e022e839e06
- SHA512
  
  3b10c6c6c68131e7de9f24eb2ac52c82c67dd588999bfd861805af80a2f37a25f1dc7df8efbe1d50cdc983596e1343e0548063454d7d47936a64361dcaf7bc79
- SSDEEP
  
  6144:FbSSlxpHPDSDwFRSHXEU4alu73cwp1MmJw7r2qVmTsR69bg3y:Z9lxdPewF43EDaG+0TPRg3
Score

1^/10
behavioral14 behavioral15
- Target
  
  libGLESv2.dll
- Size
  
  7.5MB
- MD5
  
  2bde6484071e518b9bef23b1d0e6cb90
- SHA1
  
  36d5f7702c3af075769d2a5203bf81111368aeb8
- SHA256
  
  75ca35847d4afe42cc4e8d954a044c68660423e567412dbef119eb1f37a6a5f0
- SHA512
  
  6f67ca15584ea148c156451884f1d4c5b5319e8d8bb3ddc87e96485fb200c25805c471f9cd9077d5ca0fcb6ae69cec3a87bf3ec99fb9bea1d018755301a0d0d1
- SSDEEP
  
  98304:mDqA6VZ95l+1tEF2Qul89FELOeX+RfZmR:mDqA894a4O9eORfQ
Score

1^/10
behavioral16 behavioral17
- Target
  
  resources/app.asar.unpacked/node_modules/screenshot-desktop/lib/win32/index.js
- Size
  
  3KB
- MD5
  
  d226502c9bf2ae0a7f029bd7930be88e
- SHA1
  
  6be773fb30c7693b338f7c911b253e4f430c2f9b
- SHA256
  
  77a3965315946a325ddcf0709d927ba72aa47f889976cbccf567c76cc545159f
- SHA512
  
  93f3d885dad1540b1f721894209cb7f164f0f6f92857d713438e0ce685fc5ee1fc94eb27296462cdeede49b30af8bf089a1fc2a34f8577479645d556aaac2f8e
Score

1^/10
behavioral18 behavioral19
- Target
  
  resources/app.asar.unpacked/node_modules/screenshot-desktop/lib/win32/screenCapture_1.3.2.bat
- Size
  
  13KB
- MD5
  
  da0f40d84d72ae3e9324ad9a040a2e58
- SHA1
  
  4ca7f6f90fb67dce8470b67010aa19aa0fd6253f
- SHA256
  
  818350a4fb4146072a25f0467c5c99571c854d58bec30330e7db343bceca008b
- SHA512
  
  30b7d4921f39c2601d94a3e3bb0e3be79b4b7b505e52523d2562f2e2f32154d555a593df87a71cddb61b98403265f42e0d6705950b37a155dc1d64113c719fd9
- SSDEEP
  
  384:4cr8sEcBeIXxqXhQsBxf5oBLBfXQM8ybCpGW1KTM+:4KEcRQBTxWlPZxWpG+Qx
Score

7^/10
- Executes dropped EXE
behavioral20 behavioral21
- Target
  
  resources/elevate.exe
- Size
  
  105KB
- MD5
  
  792b92c8ad13c46f27c7ced0810694df
- SHA1
  
  d8d449b92de20a57df722df46435ba4553ecc802
- SHA256
  
  9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
- SHA512
  
  6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40
- SSDEEP
  
  3072:1bLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWl:1PrwRhte1XsE1l
Score

1^/10
behavioral22 behavioral23
- Target
  
  swiftshader/libEGL.dll
- Size
  
  445KB
- MD5
  
  7105d569b7d7c03550e56a7d7d5d4540
- SHA1
  
  7c54283141cafac8992054b8b9789fee6ecd5342
- SHA256
  
  4c1b223eaa8cbd1f6723e9b7036bfc0afd4b15a7f57144646f210f58abc20c22
- SHA512
  
  1960590d72cadaadf6f5ddca6e9e17cab67383707486c4ab98841fc1684a0802d9ae5ad330393b5dbc4ea63ddaf16759b0d30c009e4ea2be235ff68db4cc3e5a
- SSDEEP
  
  6144:6D5bSb+dOqrMEv3lKyEeWZJ+vAFpnLt53h30kjuhJZq0V:tb+8qQEv3nInLt8bZtV
Score

1^/10
behavioral24 behavioral25
- Target
  
  swiftshader/libGLESv2.dll
- Size
  
  3.0MB
- MD5
  
  dc67fbdbebf3a62ef6d9d1baa73e7ad5
- SHA1
  
  249b9586f28a95cab63f2dd698223025f2f1d739
- SHA256
  
  bc911007b2f8bbfa769c8284e262eaffbc392191dd3ad85a8920d54d21720e42
- SHA512
  
  c05d72c58896be0adb39bcfed5d3c04fdbbf33b8a46181a19506c8476076af5490405f70d8c0818c3f88e8309663ed50ce3acac645fd89658d4579b6bec35315
- SSDEEP
  
  49152:w+H0cC+Ib0QRnvfENDNA+3eOAPf6dLO7MacKYTA+OV38dgnU4nWQ+qJmMsFLufbE:ZH0ttRipIsBGM
Score

1^/10
behavioral26 behavioral27
- Target
  
  vk_swiftshader.dll
- Size
  
  4.3MB
- MD5
  
  92ac3a137f4c60289e4584d7bc75a596
- SHA1
  
  26892fc1c5f01460a84a25712620d6f5e350b1dc
- SHA256
  
  a16da326432f8776732e87a7049998baa9a257b5d240e9667824980e7b22411e
- SHA512
  
  e7f2c54ef39358533d63d6bcbb9d6b98b3a2c76758194e60b039f41507faee54a5214b5e7581273695168781800bffc776c10d8d2066a8bfc4662aba6eeeffdb
- SSDEEP
  
  49152:3QEStOXH0nQ7MY4KF6SZBUcgURTEXjvvoOLr3NXYMASpO5ewKmnTNDN54tFqjLNf:qaCJwU1tRFn8FjF
Score

1^/10
behavioral28 behavioral29
- Target
  
  vulkan-1.dll
- Size
  
  715KB
- MD5
  
  61c006105abd621ca684e4b80ea2c9da
- SHA1
  
  99e786c70a2d57774868c960614a2d19f83efe09
- SHA256
  
  d2b79d713fde37fba9de6f8f30fe14b4f8009b9102bf08aec67819f793d76b32
- SHA512
  
  d6dc5be0fb982787568dcb1209428064964058230927823671083fd6c7e906f4db5d6995988ad5e398d35dfc7939d623c6051bcf590edccc48252837c01e01e4
- SSDEEP
  
  12288:C+Ru04Y7t/DlHZkyHQiKy99o1d+aXbF9r8PIoImdWG:Cf1YZ/fkywby9m1IaXj8AU
Score

1^/10
behavioral30 behavioral31
- Target
  
  $PLUGINSDIR/nsis7z.dll
- Size
  
  424KB
- MD5
  
  80e44ce4895304c6a3a831310fbf8cd0
- SHA1
  
  36bd49ae21c460be5753a904b4501f1abca53508
- SHA256
  
  b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
- SHA512
  
  c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df
- SSDEEP
  
  6144:aUWQQ5O3fz0NG3ucDaEUTWfk+ZA0NrCL/k+uyoyBOX1okfW7w+Pfzqibckl:an5QEG39fPAkrE4yrBOXDfaNbck
Score

3^/10
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Epsilon Stealer

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Looks up external IP address via web service

Epsilon Stealer

Checks computer location settings

Loads dropped DLL

Reads user/profile data of web browsers

Adds Run key to start application

Looks up external IP address via web service

Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32