epsilon | dd975de3c3f3ceae3df415bd697bebd829e2e6578d4c37f5cff08260dcf6ef12

Sharing

Copy URL

Twitter E-mail

General

Target

Uninstall-Node.js.exe
Size

59.9MB
Sample

240408-thnmesdd78
MD5

e5265b7bc6c51a8878f01d36fbfcfa51
SHA1

403fa69fe9cff2d0fa79ad4cdcfa7218b5e4cca5
SHA256

dd975de3c3f3ceae3df415bd697bebd829e2e6578d4c37f5cff08260dcf6ef12
SHA512

4beb11a266a17cd1f9bf9ad176118cc0c1f6c27307b67670e03b6bde3ed6500a835cec920e56a2a2c6e3bb87e45d879d911a153768f606e9acc6c9bbb26db2a4
SSDEEP

1572864:il5jbMxCXNJwg6X89dXRryA/7AQoK5BlwOdxpWixO8lI8:og2NJwRX89WAzxoUBWO/wkW8

Score

10^/10

Malware Config

Targets

- Target
  
  Uninstall-Node.js.exe
- Size
  
  59.9MB
- MD5
  
  e5265b7bc6c51a8878f01d36fbfcfa51
- SHA1
  
  403fa69fe9cff2d0fa79ad4cdcfa7218b5e4cca5
- SHA256
  
  dd975de3c3f3ceae3df415bd697bebd829e2e6578d4c37f5cff08260dcf6ef12
- SHA512
  
  4beb11a266a17cd1f9bf9ad176118cc0c1f6c27307b67670e03b6bde3ed6500a835cec920e56a2a2c6e3bb87e45d879d911a153768f606e9acc6c9bbb26db2a4
- SSDEEP
  
  1572864:il5jbMxCXNJwg6X89dXRryA/7AQoK5BlwOdxpWixO8lI8:og2NJwRX89WAzxoUBWO/wkW8
Score

10^/10

epsilon persistence spyware stealer
- Epsilon Stealer
  Information stealer.
  stealer epsilon
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1
- Target
  
  $PLUGINSDIR/StdUtils.dll
- Size
  
  100KB
- MD5
  
  c6a6e03f77c313b267498515488c5740
- SHA1
  
  3d49fc2784b9450962ed6b82b46e9c3c957d7c15
- SHA256
  
  b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
- SHA512
  
  9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
- SSDEEP
  
  3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score

3^/10
behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  0d7ad4f45dc6f5aa87f606d0331c6901
- SHA1
  
  48df0911f0484cbe2a8cdd5362140b63c41ee457
- SHA256
  
  3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
- SHA512
  
  c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
- SSDEEP
  
  192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score

3^/10
behavioral3
- Target
  
  $PLUGINSDIR/app-64.7z
- Size
  
  59.3MB
- MD5
  
  4d4f3310ec0f8ae4357b7dda7d5e8d4c
- SHA1
  
  e56c45d4eee280bd9e19b914ae2e3be9d0abedef
- SHA256
  
  8b7c14882bb35b0e9b38c7162e50853373ebc3be786f1241382add4b18265bc5
- SHA512
  
  6b4236dc29041a7043c0c0a76a29863e4934925c2f98727fb36437443a455814c51a8db4f62d698a23bd2ec6840a85c635a3c1a15671873a883681bdebf07f1a
- SSDEEP
  
  1572864:ql5jbMxCXNJwg6X89dXRryA/7AQoK5BlwOdxpWixO8lO:gg2NJwRX89WAzxoUBWO/wk4
Score

3^/10
behavioral4
- Target
  
  LICENSE.electron.txt
- Size
  
  1KB
- MD5
  
  4d42118d35941e0f664dddbd83f633c5
- SHA1
  
  2b21ec5f20fe961d15f2b58efb1368e66d202e5c
- SHA256
  
  5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d
- SHA512
  
  3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63
Score

3^/10
behavioral5
- Target
  
  chrome_100_percent.pak
- Size
  
  138KB
- MD5
  
  4f7cf265db503b21845d2df4dc903022
- SHA1
  
  970b35882db6670c81bd745bdeed11f011c609da
- SHA256
  
  c48e6d360aee16159d4be43f9144f77d3275a87b3f77eae548e357601c55fc16
- SHA512
  
  5645d2c226697c7ac69ce73e9124630696516fc18286a5579823588f93a936da71084a3850f1f9a7b34c624f4c502957107f5957ffba5e6c1e4da6d8da7d3348
- SSDEEP
  
  3072:nKzw9bp66mdgZeMj6g2Z8Gb0+VRLf0ld0GY3cQ3F2DExm/KLQ2I:nKzw986mdgZezgm8Gb0OV8ld0GecQ3m3
Score

3^/10
behavioral6
- Target
  
  chrome_200_percent.pak
- Size
  
  202KB
- MD5
  
  6a7a9dee6b4d47317b4478dba3b2076c
- SHA1
  
  e9167673a3d25ad37e2d83e04af92bfda48f0c86
- SHA256
  
  b820d19a7a8ce9d12a26837f967f983e45b07550b49e7b9a25e57b417c5f6fd9
- SHA512
  
  67466e21a13ca449b014b511fb49bfc51df841eb5776f93b4bda2e0023da96d368ac5c65de051ed9de1899275b9f33839af2c387be903688cdb48bf08993791e
- SSDEEP
  
  6144:XDQYaF+9b16mdgZezVk5GMRejnbdZnVE6Yopym74:8fs1FdgEj6edhVELo374
Score

3^/10
behavioral7
- Target
  
  icudtl.dat
- Size
  
  9.7MB
- MD5
  
  2e7d2f6c3eed51f5eca878a466a1ab4e
- SHA1
  
  759bd98d218d7e392819107fab2a8fd1cfc63ddf
- SHA256
  
  b62b7240837172959299dc3be44fffa83dc374353154eca1612e1bde330aa8fa
- SHA512
  
  0f1465e8efe32b0eaba628a30bbb21254a05d80f4407a1434120a55fb928cf575b3879e1b7cf754cd19b23c262ae715fa84a8049073563cb38f1855be7db1124
- SSDEEP
  
  196608:GEGwSv9AAQTgyTliXUxR0rHa93WhlU6tgLQH:G4KlQTlliXUxR0rHa93WhlU6tgL4
Score

3^/10
behavioral8
- Target
  
  locales/am.pak
- Size
  
  179KB
- MD5
  
  ebe0e7e0c78fac281a3f0196da22cee9
- SHA1
  
  689864d898905d43b8a70bdf37c5b339daaf48eb
- SHA256
  
  08d86a45ff0a4b21e74b06509c376ab0f907cae72a3e0cbf5c17fc275d10ac5d
- SHA512
  
  89b6603e5db8ad53ee5623c2c0f7e81194278dbdf5ed49c7480049006b20744fd4642743c2b4a264cafa87e7f787d6d6cbf26f12ff2b851333b3ba7541ebd933
- SSDEEP
  
  3072:yxS4fygnOj0/92t7Rh4rgEkDvuhE8oeLt/ki7xVGMqyZJjhE+2WACT5x0kek97GG:yxFfygB51ueQRUix30jH8+X
Score

3^/10
behavioral9
- Target
  
  locales/ar.pak
- Size
  
  184KB
- MD5
  
  3a8a7a08fedb148ebee6d3300356e37a
- SHA1
  
  2e9ac1ea8b6396b909f823486538d5640ddcaa1a
- SHA256
  
  43636fc76a2da6ab562c4c3bcc1a5d548a169dc0e884484fb7e4341814c44c78
- SHA512
  
  7951829cc7aa385bb5f8078a7af7d4f0b49fa8c05eecb2808eac3fb0e8700c63f92db888ad64f526d992a14d54948a6807bf06f9fb688aecea40311eaacea181
- SSDEEP
  
  3072:QeqH2KNRpqhXUJXFxnw+7zF+hFBM2S2xHMuZtE9P6N9/fpK1P/X21MgSENKKSI1R:QeeNR8+7IpLMgSENuiTI1Zi
Score

3^/10
behavioral10
- Target
  
  locales/bg.pak
- Size
  
  200KB
- MD5
  
  5ed6adc6158f554e71bdac7dc9731b16
- SHA1
  
  394c8396c566d2b92cef881c332624be812115fa
- SHA256
  
  0a3e79a6d270d212037ccb5a8730b7abfc45c6e9175dd7e17d997daed0985726
- SHA512
  
  796f107698e82dfad9ec8d2ac1fc3f79b1f3a339a06eccd783dcd262ddb7399f8e3c093799f16640cf7a4488f1d2eb04ba6b7cb14ac9e9fcf87488cb8305b35d
- SSDEEP
  
  6144:8+Q7NaTBDnvbFnyZzrmLy8A/dWx6y2HR2vyPsUVwo:8FaTBDnv5nPLy8A/dWx6y2HR2vy2o
Score

3^/10
behavioral11
- Target
  
  locales/bn.pak
- Size
  
  257KB
- MD5
  
  ee25e9cf28fdd35846d8a9b3c4220eed
- SHA1
  
  702342cc207ced1bb585195abcf263cbc4ea0069
- SHA256
  
  9994b9832bce803bee8c48a8176653099df7768074e3c54d09a18593376466b9
- SHA512
  
  2b703cd07bacc9f70e36844f148c980cb112a806b4ca11f692b9bbe6995fd5636eb9bdc84c5cfaf79790dbbb1ecf7cf2b61a7d6ff89311eb4907c586e20b7dbd
- SSDEEP
  
  1536:mJvNRPap2KJjyr98JMgqxpDwuDkQv+h2mWHc:uNhK9meL
Score

3^/10
behavioral12
- Target
  
  locales/ca.pak
- Size
  
  125KB
- MD5
  
  53e3fb38f84f60b98d23b337e4f03f92
- SHA1
  
  42e435837dd36872d2a413518a299cd293ff8536
- SHA256
  
  b00bd41c1222b3ea078df5b92cec1946e41430be241d0d57dc9baa4c70c91f3a
- SHA512
  
  98d0328e7370b1fec9e15ad0cff9e1353686fc581e3df9a8896e3c2e62ced044c4c51ea63f35ec8b7eb3e7df5c83ef5157468979b7f20e85480597042c1ac192
- SSDEEP
  
  3072:Kqei1DaccguH65rqx0hmSBL8l/oT6nm1VhNO54f1fXiUUpYEHGPXf410ozRhqPY/:Awbcgco73O56XiUUpY/PXfc0yaYnwAk0
Score

3^/10
behavioral13
- Target
  
  locales/cs.pak
- Size
  
  128KB
- MD5
  
  f125738776a9fb8dbf25311fa3dadbcf
- SHA1
  
  3448b58d4810e69f5c1eca4e1484308c3ceff502
- SHA256
  
  5d5089718677f9a4e677dec72058c376a5829921cd523ecb919d0da7766d3cd4
- SHA512
  
  ca5300e5fb73ed4ee8c108e875c66ce7f105693f3ba78cb00f33218febfdb3ea27fe26f118dff3fb2e4af66f722f8348760cb576aba48887be25fdfae4991776
- SSDEEP
  
  3072:eKpMNl5jzoGFJ+17jN6lD+g+5XZ/Vuvm8Q+ndbx:eK2TRiN6lDu/VD8QYdbx
Score

3^/10
behavioral14
- Target
  
  locales/da.pak
- Size
  
  117KB
- MD5
  
  22134b12d90fdc00f23a1e0a6fb04eec
- SHA1
  
  17c9fc2cacb6e5ccc393d1af9bdf3e8e63ecdaaa
- SHA256
  
  62020dd01b47b696e2e11d7f5598628c07782a96ea6bc013dc2ffe8c820b7c94
- SHA512
  
  9cce6ffb2d84cedcc5ccf200080d6a2cab691468c042e8e48a5fdd809b5c0d067c322326e49d18f66da8e0b1d28adeda4cd03e12d7aa11350b72776737aa3427
- SSDEEP
  
  1536:kGkb3ykSYaQSB3QxjxnFg5JmFT/I+5UGA/4v8pOmPEHhIGjZJiH:kzZS9HQ9xnKmFTg+56wPIYZJY
Score

3^/10
behavioral15
- Target
  
  locales/de.pak
- Size
  
  127KB
- MD5
  
  fceb00caf7e76e688007665feae99e83
- SHA1
  
  06fece84cf7028b3871f144258b8d084faf8745b
- SHA256
  
  80e63ef1950b8438813271365a7b6a3f3aba0bacc179f5675654249f31c06a3c
- SHA512
  
  08c14eb299a035949e6b64a069cadee66c420b7d66bb00d65d6a1a08fbee08a57ab08f8e77c44387f0fe02b47aeb0bf2709a1979025613cb51af4ab82fc3b6d5
- SSDEEP
  
  1536:ntxH1jQsqXghFIahUbnLKbG1CfEO5emQUvehSbbXwqPHxQ1NlkGfkhI9Z4C2Ki1g:3VQstjhUzLKknS3w2H8NrC4lVM/rnCSE
Score

3^/10
behavioral16
- Target
  
  locales/el.pak
- Size
  
  220KB
- MD5
  
  db449f218a705453eb10b5f418e28d7b
- SHA1
  
  7bc8fcc59c532bb086a7f081cd8d275a89dac835
- SHA256
  
  73da35d01b91707846775bea7dc0331fc1caebd5c63d101aa8bb8bb58ca7f193
- SHA512
  
  7dce45bc723d62498b335be0ab72dfc91c44c01f96f25c2314e9245a0eab28a92dcaa730b11f108b604545592445ed1612721416f60ae3bf55b1bd438bd04f78
- SSDEEP
  
  6144:S/mgvCi+6FMkDuvmtF5IARrl3Cp4o3/UzFMeF+f9I2hl36vOTYlXSTzG:mmgvCi+6FMkDuvmtF5IARrl3Cp4o3/UP
Score

3^/10
behavioral17
- Target
  
  locales/en-GB.pak
- Size
  
  103KB
- MD5
  
  074d3dd44706502de7c33e791794b23a
- SHA1
  
  564a73ffad9232052c692eb94f560d6b17227c47
- SHA256
  
  9c3954a5ca2cf126370a1152e9281f41a7ca97c69293f556a2c79ea6729324ae
- SHA512
  
  6e1296d04b16534274fa438643ecee6e37d17ed935623f73d5a8f3510a194e0efda9ca60fac8d51d25763c4818050e23c306f9ee18284b8600610d14f7768d98
- SSDEEP
  
  3072:g4XYPtg5wR2LTpvjEK2TBqgL65qi93ggl+L9:g4XmVMLTB5Vk
Score

3^/10
behavioral18
- Target
  
  locales/en-US.pak
- Size
  
  104KB
- MD5
  
  0dcd84e9e50a3e0819d5875ea889ced4
- SHA1
  
  7c47f6e4e0cafec3a13c07d689d1dd6ff6516b1e
- SHA256
  
  699b6d7f05a484e76d3e1197a656247863e570f03cc02634c9dc42078a5c5007
- SHA512
  
  153fc15f676d78d5d0f3a6862fc7eaa60c2a659c25ce87485f0253c321d9407a9b799b959104c27a8e7b5487f0de926ae8f375e2c3d313329112e48f2d001a17
- SSDEEP
  
  1536:bHsdSwdRt0FASED0FhFL2tr/4Sx5dBqgDSO0JedMVrBnh67VIbVfD3ggl+sZ4pWy:bHsdSc8ASTheZBqgmT65I53ggl+sxwh
Score

3^/10
behavioral19
- Target
  
  locales/es-419.pak
- Size
  
  124KB
- MD5
  
  cadd9ec43e823609c4bbdc418da6009a
- SHA1
  
  91bdd44d5972a4763227ee7c127fe122aefe195f
- SHA256
  
  6c8d074047d57a79cf5cadf9caa6e9a64bce0895743a3dd89ed1350cc91c1e4c
- SHA512
  
  2b9eae4072e46024e33f000b1df1a64246f70498a557f4a03234d3dd47aadb04883b98ebf48eec21f0d6ca4c8a62065f675fdb352be680a56644ea3ae1db93a5
- SSDEEP
  
  1536:X7r4RHkTSqFhjRbKZr4hJzsxaXG0BM4uddPcHYKC2Kbz0PWFsMH5Bth/VZ9TWrYs:f4RHk1l6khIWuVb9lB+
Score

3^/10
behavioral20
- Target
  
  locales/es.pak
- Size
  
  125KB
- MD5
  
  39288ea031009bb9db582cbd93c7d534
- SHA1
  
  467f76d33e39526a4d8cb6068eaf8e2791b3a9ee
- SHA256
  
  6cd39669df96b4b5b9047f7689338d3beb9ad7f8be2fddc595ef1ecbc47481c2
- SHA512
  
  4a635e969cf2b09aab5f8723a3380c5e226bf0546019506d18de65c1e4a599d268b9ee2e03a65b245075f899a09697b7b535f1055c19344a411100c8f29d93b2
- SSDEEP
  
  1536:5Q4LHW4JUuuZIQLDdokwF7/ev4dYP/XFKqh3vijTOgFW9XlhgoMhSKWswfQ1weJ:5QKeqQfekwF72RPME5ay9oCg
Score

3^/10
behavioral21
- Target
  
  locales/et.pak
- Size
  
  113KB
- MD5
  
  fcdea2954549e5d8f1e7a5de36ae4f74
- SHA1
  
  41dcdcefbbab3e0e908d98ec9b6bac7eacecbb99
- SHA256
  
  d875bca2e8800657306727902f4f5fceec7415ea530bfa780ece0f016f792569
- SHA512
  
  37ea008078083a36b07b1f5d0ca6e16f62b06a19266d8042efc796bf33c53200f37d3a37f5b48d024dbfab9e6689ec9c3f22d6e37e3898fa7deb61ace1fb2df3
- SSDEEP
  
  1536:BMWIMnfB6lv3DyE4x8yoRjsg9jvuLEC8hu6HZ+sPQ3rJ:aWIMp6lvGE4x87j2LSu6jPQ39
Score

3^/10
behavioral22
- Target
  
  locales/fa.pak
- Size
  
  176KB
- MD5
  
  e3f56d4b0fa2878ed6847631d3b05dea
- SHA1
  
  627f48d5423afcb3cade0789f058d60867419041
- SHA256
  
  2ee67a38cce9ffae1a639be17c0ef7ed7c763d9c15c9621f300bf634e1f25a64
- SHA512
  
  e29c28717f31dc57c2294857680a439acec25478913ea425b0c7b6e50f3343b21fb7983c15352f9e3c001ffa0c8e500d92a1924acde32a4b5bf3f5b6c60c4142
- SSDEEP
  
  3072:bzeRs6hXv94Rawpa8k+6NS9/W2ESEmbzR2XQmN4o6Xsbdxv7fhb8YIO/ECuDgjl0:K3hXV4Rawpa8k+6NS9/W2ESEmbV2XQmU
Score

3^/10
behavioral23
- Target
  
  locales/fi.pak
- Size
  
  115KB
- MD5
  
  4f323a2eb73ccd029e742cee4dfa9769
- SHA1
  
  b860372d21cc55eb7ddbbf9f5bac61fed39426de
- SHA256
  
  e1888472c8e1330e70e514d0a1936749a7e5d39f67e7edc818661c2cbf3e301a
- SHA512
  
  d07d0f74736cd32d73b3a33867e65a25b727b5c30cb743162908e23d958fb3ae97285f600a9ef8196e61be9d450da5903d1e468fceb3b05ced93aa600387fddb
- SSDEEP
  
  3072:jf+1IQlWmiTJqWUEvIj+EE/18olzRj/xm0PjNM1z0gCX1hwSqmnf:f97EE/18o//J46X1hwyf
Score

3^/10
behavioral24
- Target
  
  resources/app.asar.unpacked/node_modules/screenshot-desktop/lib/win32/index.js
- Size
  
  3KB
- MD5
  
  d226502c9bf2ae0a7f029bd7930be88e
- SHA1
  
  6be773fb30c7693b338f7c911b253e4f430c2f9b
- SHA256
  
  77a3965315946a325ddcf0709d927ba72aa47f889976cbccf567c76cc545159f
- SHA512
  
  93f3d885dad1540b1f721894209cb7f164f0f6f92857d713438e0ce685fc5ee1fc94eb27296462cdeede49b30af8bf089a1fc2a34f8577479645d556aaac2f8e
Score

1^/10
behavioral25
- Target
  
  resources/app.asar.unpacked/node_modules/screenshot-desktop/lib/win32/screenCapture_1.3.2.bat
- Size
  
  13KB
- MD5
  
  da0f40d84d72ae3e9324ad9a040a2e58
- SHA1
  
  4ca7f6f90fb67dce8470b67010aa19aa0fd6253f
- SHA256
  
  818350a4fb4146072a25f0467c5c99571c854d58bec30330e7db343bceca008b
- SHA512
  
  30b7d4921f39c2601d94a3e3bb0e3be79b4b7b505e52523d2562f2e2f32154d555a593df87a71cddb61b98403265f42e0d6705950b37a155dc1d64113c719fd9
- SSDEEP
  
  384:4cr8sEcBeIXxqXhQsBxf5oBLBfXQM8ybCpGW1KTM+:4KEcRQBTxWlPZxWpG+Qx
Score

7^/10
- Executes dropped EXE
behavioral26
- Target
  
  resources/elevate.exe
- Size
  
  105KB
- MD5
  
  792b92c8ad13c46f27c7ced0810694df
- SHA1
  
  d8d449b92de20a57df722df46435ba4553ecc802
- SHA256
  
  9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
- SHA512
  
  6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40
- SSDEEP
  
  3072:1bLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWl:1PrwRhte1XsE1l
Score

1^/10
behavioral27
- Target
  
  swiftshader/libEGL.dll
- Size
  
  445KB
- MD5
  
  be1b6fe26a1b5a3e1302c26ce5ce53f3
- SHA1
  
  c3cac08e89c4cc91eae1cc87e33a1dea723f1d78
- SHA256
  
  162abe61314e720384d8cdd43190a89df8a96de52f3ede7b6c58998f615d8546
- SHA512
  
  07dca111391dfb6b7e90d4be02071bc625128eeca0b9d9a3cebdc7916baec9f95cbbf906f2533befd6b62b9bbc69488ffa720f8d40c9710dd3b7d540d9dcaa55
- SSDEEP
  
  6144:NldwaUBIAHXboKn7YsGfJjjvQppfSH6RdW8wrpGLVgf8q:JWIsXboKnMAfSHChgUq
Score

1^/10
behavioral28
- Target
  
  swiftshader/libGLESv2.dll
- Size
  
  3.0MB
- MD5
  
  1e401ccda5b723ab8a595a54f7d2531c
- SHA1
  
  127716680dd16f776b19c2306d716935e54c5100
- SHA256
  
  c167a458174e2a280c39d7af31bd109e8e2921032a687097b584653adc33ab21
- SHA512
  
  1f2f35021f338aa7c5a0ae83c196217fbca6b1d017ac1bb4f1eebb93bd6e18c5d74c1a14bd4899d7a91d054b0139b2c4fc3271c35148ad1d8b71139aff0132fc
- SSDEEP
  
  49152:8NF/tcKnjh4NDNR32u7X5f2yRwT6mcavJ9BtCCp5kVtjjFCo5Z5UbNyJzSZ85C5c:8NIaqrNONEniz7P
Score

1^/10
behavioral29
- Target
  
  vk_swiftshader.dll
- Size
  
  4.3MB
- MD5
  
  77f7b4f46cb3e06b53729fd1e562dfef
- SHA1
  
  223c09805220ff2b5c1dcbdd5c0396231ea34f11
- SHA256
  
  a648cd4671b12b469c4d2de20c2ba2429c9388c0f9d4b3d9d2244853d0e5acb5
- SHA512
  
  6be9afda9320074c5842419cf8493d715ca65a3362d368d3a35e35a47d36f8197b0f19877485b41a06e21148613a77bb6275b0586c4a38da8a25efe6b5a6b571
- SSDEEP
  
  49152:ImuXbIxohwCWtm32rw3lYIDkhUw2B2w/XBnbtZNDNHI6iBewVqlnrSrMrXHYtvQi:Ca9dCeKOB
Score

1^/10
behavioral30
- Target
  
  vulkan-1.dll
- Size
  
  715KB
- MD5
  
  25afbdf6701013c57b19b92225920915
- SHA1
  
  009300dd4ab3b81794388ce7d126ae90ff97535f
- SHA256
  
  22bb65dd206ce7ee10c05557933a04a04144e1a8228d2a9d1e9d704b0b1b2f7c
- SHA512
  
  575e38b60948cb704c355ba9cf3457f2693c30f95e85f10f795e759652bf4317e18ba480bee8aafcea9108415e8e58f674b22c7513a9fabee765142486919a0e
- SSDEEP
  
  12288:oYa8yQ628GMAhXhpt1o9Sc4irKabLqYz/oD4C56:ZgQ6jHAhx71o9WirKaqYDa
Score

1^/10
behavioral31
- Target
  
  $PLUGINSDIR/nsis7z.dll
- Size
  
  424KB
- MD5
  
  80e44ce4895304c6a3a831310fbf8cd0
- SHA1
  
  36bd49ae21c460be5753a904b4501f1abca53508
- SHA256
  
  b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
- SHA512
  
  c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df
- SSDEEP
  
  6144:aUWQQ5O3fz0NG3ucDaEUTWfk+ZA0NrCL/k+uyoyBOX1okfW7w+Pfzqibckl:an5QEG39fPAkrE4yrBOXDfaNbck
Score

3^/10
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Epsilon Stealer

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Adds Run key to start application

Looks up external IP address via web service

Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32