epsilon | 41d627b42ff2a81a4c463ae5078bd16ca2c7f23654f64b8cd17474c9d8558425

Resubmissions

Sharing

Copy URL

Twitter E-mail

General

Target

RAM.zip
Size

31.1MB
Sample

240413-3mx64aef4v
MD5

35aaadad91ac33b0cb04483cdc49b284
SHA1

197d7d08176d3cb94734899559f660d3cd7a52b3
SHA256

41d627b42ff2a81a4c463ae5078bd16ca2c7f23654f64b8cd17474c9d8558425
SHA512

bff03ebb80ad3423c78c89e6da2499989b09093fc88894718dce8e97e15d34baa2f129e972d553ec5bfde255442dee34d487e1384db7d96abdda7f63817c051b
SSDEEP

786432:6AgVAJ+0HJe5XXKPzWPkNWcc68Dg6SJ5g4xZv3Qn4VZ7Mt1g:pgE+o8XXUzWPkNWcH8Dg665g4xmS7MtC

Score

10^/10

Malware Config

Targets

- Target
  
  RAM.zip
- Size
  
  31.1MB
- MD5
  
  35aaadad91ac33b0cb04483cdc49b284
- SHA1
  
  197d7d08176d3cb94734899559f660d3cd7a52b3
- SHA256
  
  41d627b42ff2a81a4c463ae5078bd16ca2c7f23654f64b8cd17474c9d8558425
- SHA512
  
  bff03ebb80ad3423c78c89e6da2499989b09093fc88894718dce8e97e15d34baa2f129e972d553ec5bfde255442dee34d487e1384db7d96abdda7f63817c051b
- SSDEEP
  
  786432:6AgVAJ+0HJe5XXKPzWPkNWcc68Dg6SJ5g4xZv3Qn4VZ7Mt1g:pgE+o8XXUzWPkNWcH8Dg665g4xmS7MtC
Score

1^/10
behavioral1
- Target
  
  GameAssembly.dll
- Size
  
  23.0MB
- MD5
  
  0fdc867347f12ff3cf29b6b23891ca8c
- SHA1
  
  882c044747a06e2421a5aadbf11b0212b98a792e
- SHA256
  
  ed2879770c3825535b863b5754955041a671223ce02b827a31b17a260c2a1399
- SHA512
  
  eb9eb2ef992b49f50cacab34f4afacb9d0796dde792ead6077c45235eb7935805fb22e8bd0e66e46594fa97d3fee861379e63582e1122e5f84ef9ae84914a173
- SSDEEP
  
  393216:ejBcZ4r6zOU6mxvzfcfivc+nyz2Phd2ICkrJ9KzAKHGLuaonoDqlZAngyAz:ehz2ziE
Score

1^/10
behavioral2
- Target
  
  RAM.exe
- Size
  
  651KB
- MD5
  
  7cee4e8c43b5c92d57a3d809559c92e0
- SHA1
  
  7e6a7013b0d027d58611f2cd6f461f18155ca34a
- SHA256
  
  3e93ec5cc0224e1f7c4d6eaa6a34a333526058d622a5466bbcf833f3a1ce625f
- SHA512
  
  6216619de06fd7f0e5adde4a4c8860862c265d8a9f70a077656add39a4b5eb1d87325a4d3bb579e0780a5423240356616ecb385b8b5575c09c8c79781aa445d1
- SSDEEP
  
  3072:kQJHVdFgIW9mYucJ/OD8JVsIl3rLIr67G2E1:5H7FG9mpcJ/OD8qrn
Score

10^/10

epsilon evasion persistence spyware stealer
- Epsilon Stealer
  Information stealer.
  stealer epsilon
- Enumerates VirtualBox registry keys
  evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Looks for VirtualBox Guest Additions in registry
  evasion
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral3
- Target
  
  RAM_Data/Plugins/x86_64/KS_Diagnostics_Process.dll
- Size
  
  4.9MB
- MD5
  
  9ffd4b950fef075cdc7059c0c7a7c202
- SHA1
  
  b043a1d763b6fd943bd5ffd3526566105b34c9f9
- SHA256
  
  7f3a6750ad394103070c8370b4b3b96ff93dc7a2a7da543f60b3029f6a73fa8a
- SHA512
  
  a2dcbb96007c4e176da08ad92b5b14713abdcbc6007bb856297b6d926e16de1d81fc05b3f6a3d0749c07d7a3ad8f57ee011d3baa0b10e05f001de5d4d92356a5
- SSDEEP
  
  49152:ZIW2dGyJkJUkjvR3SGa2MV/b2ecedRIRPCW3+fJI6F38984JFynbdyO+BvjP:7O0iMMVHdRIRPCSghnbdyO+xP
Score

1^/10
behavioral4
- Target
  
  RAM_Data/Plugins/x86_64/lib_burst_generated.dll
- Size
  
  88KB
- MD5
  
  c8a6117cd63f3cd30b1681d080f8db78
- SHA1
  
  8837416c46493d339ebc229d3d0a51463edb5c94
- SHA256
  
  8ed5a3bcd12e3bc15a666582e1b12bc5416445f447efd6880728bf6f7513066d
- SHA512
  
  b13d6bfb08e7c6df58861d43d129725c2e9cdeb33e84fa2b9178df4cec11abbcdb1ab03e8d676d4d3859fd4d8e6748dd1ca1bcc3aee8f738a85665b02c2b68e7
- SSDEEP
  
  1536:9tr1GSuE8nkC87LdySNBmCQzbOC7y3m8jdVDg9cZ+RmsEna93cWwl8:XMSuzylTVInXRpEnk3cWw2
Score

1^/10
behavioral5
- Target
  
  RAM_Data/Resources/unity default resources
- Size
  
  5.6MB
- MD5
  
  7c01efd7e459bcf10e9234d9704f3de3
- SHA1
  
  3a5157f78b8faa92de52e11d9c44b1e2a5e426e2
- SHA256
  
  4a9ef565a53250a65e76eec73367e1bdcd0bed7cc58f8df19c4ad46c6e033039
- SHA512
  
  0aa60e099b5c0811f2fda708ddf091c741c14a6cc3a1e9fd6a8cd8c360e7168d5b1ff9f3d5257798f0292b582ca8c617968efb393449a3f1035a3da3be4b777b
- SSDEEP
  
  12288:bZBsd05vWGa5eUC+Ss6TpQtPOhEvOjdCTYUw:Z9aU0SBAJvAkT
Score

1^/10
behavioral6
- Target
  
  RAM_Data/Resources/unity_builtin_extra
- Size
  
  363KB
- MD5
  
  5c1b6b54177d3b21f0674cf6d6b0b261
- SHA1
  
  e7ca71fcecba7c406c4a8df5764e708fd023e9e3
- SHA256
  
  0855cdc7649e8c7c979e9ba5583267b349996fe03c8aa5ecde777d59d4d3c132
- SHA512
  
  884e7b9ba6f1afccfc4ee4724835c77675417854f588ac5adff26ae688e58e518b008ed26615000d757d8de2b22915b87bd372c4a92b631be070de1b662fe314
- SSDEEP
  
  3072:ljipDxxNPZ9B13b/fDPolc6ko3Hi7rL2l:ljiZxxVP/fDPkJ3C7ml
Score

1^/10
behavioral7
- Target
  
  RAM_Data/RuntimeInitializeOnLoads.json
- Size
  
  700B
- MD5
  
  d2579a071fb2371024bc3689fc8e82a3
- SHA1
  
  598625b1377b0a9580d2ae1bf0df3230d8662073
- SHA256
  
  1f24ac55efc1eca154804c4c4c5b10b13ea8064b2203cd502d715b0da083fc82
- SHA512
  
  3f2ca4800b8aed29d574ed9ebdfe6b0648b9dbdeb6b962812c06fe17ff8170303e7d0e29ecb6947d34cdc1bc5f9e2c6711d1119669e6955f30c80b953430afc6
Score

3^/10
behavioral8
- Target
  
  RAM_Data/ScriptingAssemblies.json
- Size
  
  3KB
- MD5
  
  c4493529b0156b989b98a5a1e4b9bcea
- SHA1
  
  c5568c01a20e7464a89b42950612757d0e817278
- SHA256
  
  93946d270caa5b8b4d40bd92719ff26d1008f72d5df51f95567099b359c068bf
- SHA512
  
  7ad7642ba627520f0ab4c06893ead8f2f1edf7111bca3ef110a0493c895e252626b61a0b4c766b82545febbab42592917901fc283e55a83d50edbbdf98e1ef2c
Score

3^/10
behavioral9
- Target
  
  RAM_Data/app.info
- Size
  
  7B
- MD5
  
  c4c05c9397b3c281c0c0c333d1c594de
- SHA1
  
  7b192dde8197a85f54950d23a5b33fa842661983
- SHA256
  
  bb1d6ace9d0382a60c019c8c9f9dcb7adc5338a01d252b9b7201f72064672ed2
- SHA512
  
  231dfc47cc6a3c735318cb154ff31a96908c39df4a9626a967a287aaeedaf4d501fb6c50edbfd12f05ac6a32913540f94a6d0d8f33c48123bd392cc5b97e58de
Score

3^/10
behavioral10
- Target
  
  RAM_Data/boot.config
- Size
  
  134B
- MD5
  
  50d8c8420914fcb199cc3ed1c8a1311f
- SHA1
  
  4c5d4ff60cc971f9521a5adcfa4c7988e9a84fb8
- SHA256
  
  ce1cca2162d44ece3274540fd90f8bb5fceba31ef91843dc20a0d9dc61c013eb
- SHA512
  
  1bab416a0eab1aa2a998f6c5f391ad091107c74c1316b53332e91f2c476167b573dbbafa960d7a5c492211bf8318b662b61a9a05cffd86a65d83046d3cf68c4d
Score

3^/10
behavioral11
- Target
  
  RAM_Data/globalgamemanagers
- Size
  
  73KB
- MD5
  
  17474d5bd22680798402921a46a0b7ac
- SHA1
  
  64f9dd8ce64f300d210f4466f1383aca1cd60658
- SHA256
  
  ff0ad994a49e75b4b8d8e752561670fd2609970af0d952530066fe165e6abeed
- SHA512
  
  8947e4a77177b3e51da964c68571bdc3fb9fc7ffb339a102e6ab55e1eb160b48f1ef67acc8d908194948a3c4f5e0b61388b7f0a4b44bf9d9bf3e973ffa23691d
- SSDEEP
  
  1536:HhrkuCLSTuM85ymhKor+ic4KhYZRwzXBva8:eZRhyiX4YZK1va8
Score

1^/10
behavioral12
- Target
  
  RAM_Data/globalgamemanagers.assets
- Size
  
  165KB
- MD5
  
  b6fcc0097e5f9546f2b19aee93f5bc74
- SHA1
  
  aa138e0c85ef4dbffb6ef310b51004ce9f2f110c
- SHA256
  
  44144c265ed1022900987eee70d9ae8179b4069f375c3833c78c2a95bb6aa938
- SHA512
  
  d5881ae74426dc8c651d458ca61740b903e0bb4b8680348e0f1bfd113ce76ea4b242f454bf026ca99620cdce942cb413a845860bd9afa97a1741605282b26f0d
- SSDEEP
  
  1536:ViysoRKZOsV35jPeBzG7Tjnmy9jdcxib13gWzUuIVWmY5p:VfJsV5PeBoTLmsgzVWmY5
Score

3^/10
behavioral13
- Target
  
  RAM_Data/globalgamemanagers.assets.resS
- Size
  
  2.7MB
- MD5
  
  7423e95b309c209a70c3b8112f61d473
- SHA1
  
  8c8d65e4df4f89c0fa77b5ba6a8ec737113ef592
- SHA256
  
  39dd38fcd8dd95d41d6d55fe16a448d29fe2c31d9a162c825c24c6d99a893d7a
- SHA512
  
  617856a9aff5b357085a59ffc6bfd8a107a48ee22849ee190bdc1e81e1bdf9d9be9fb1fdaa5edd89b65ce1fc63a5525731f6526b14379b72c5396fd202d772aa
- SSDEEP
  
  1536:8nCugW37Qc/WRI5YYt3I/cTj3PzZxwWDPoAw5LoWi:4UW3stRLuxv3PQQQAJ
Score

3^/10
behavioral14
- Target
  
  RAM_Data/il2cpp_data/Metadata/global-metadata.dat
- Size
  
  5.3MB
- MD5
  
  fd50b3a279e1dd5e913bbc0239b98373
- SHA1
  
  09ff7fb8c8ef248d0b5dc5e109846b75b939e544
- SHA256
  
  c08981f6504d55e8b9d5dde314463f794b8a14c7abc298414194551c566840e6
- SHA512
  
  1863956f0c81d2712035b140eba91f78b39e919fdbc1b2594c29b86833a04b8db21a694332b2a4eb007dd324b4b9b0609608df00d195ced5cd52a38838055e9e
- SSDEEP
  
  49152:cklyJpFOjriJJze72vEJP6yXk4JVGxflE2o3KBeQh1KuT:7rSTvEPXkB9AKLDKA
Score

3^/10
behavioral15
- Target
  
  RAM_Data/il2cpp_data/Resources/mscorlib.dll-resources.dat
- Size
  
  329KB
- MD5
  
  21d06dbc8af6432b2b49536ed30609af
- SHA1
  
  11a1c0e2ab2f8c06fe4507535ed47e0dd279a60d
- SHA256
  
  c5baa176a5b72cd545266340e42102d393a5e43d38c95796bc828918bb95277f
- SHA512
  
  2971f54eaa14c3ce6e2352e5a1aea5b044f0894bf4eac92de8cd92515b6473b5ca56ebfcad4369a9d4935cbefea2540a83f332fd4d832c37768310e8776ceb5e
- SSDEEP
  
  3072:c5j+evAPQ48RhHkXKSmLZsumnWpevI1kMqXkD3by+BEL:crvS8rHXSmJmnjvXkSr
Score

3^/10
behavioral16
- Target
  
  RAM_Data/level0
- Size
  
  21KB
- MD5
  
  c2ff76efd63d54d4e1f6efd262e81ab0
- SHA1
  
  f17e3826081c38a3fb399d97a1d65d25fc8bf836
- SHA256
  
  3ba209fd26ca3f31260462816879dd9d3fd4f939d07a4b5b93f268fc12444e0a
- SHA512
  
  25c4d3d18da551c96539c55c8cf36f49d663428fa06fa2ee53416210bdf4939da522c01ccac513c1f79f5d88bd222324396e3b707220669c8266721e694f10fb
- SSDEEP
  
  96:UPDKDZyq7Zp4YrUKeaAFbP6RIn2WqE4xj7i944M8C/kHlEKbE6dQ20jF+D0jS+4X:UWn+FbPd2WIxvFyJvNkzKe99SMUTj9
Score

1^/10
behavioral17
- Target
  
  RAM_Data/sharedassets0.assets
- Size
  
  50KB
- MD5
  
  9bad58033d9907e5af616424f5a90e80
- SHA1
  
  4a5067e490849454eca116df0e623a414492145a
- SHA256
  
  8ada32ace04c773ab89cd0dfd152e51fdebbc765fac928782dec830c171f563b
- SHA512
  
  fec43dc0407a6461cde0c7117e18a379379fe6b8c920c76dc5a3889963ca44e34d0c947f2a9887fd2c8e0a7fef33f4ffa6c120216101a658bb1f54b0583bab33
- SSDEEP
  
  192:84bvfYSyHC7owL4b6+LEtCWPaTfbuufI4l:JwrHC7owL4O+LEMJdl
Score

3^/10
behavioral18
- Target
  
  RAM_Data/sharedassets0.assets.resS
- Size
  
  65.7MB
- MD5
  
  764dad76653d445cf25cd0dfacd20c62
- SHA1
  
  966449f7ecfd0e2926559af3d1769886999a5665
- SHA256
  
  40c23970a3ae8b4ce50447b2bfa6061f3ab676788c13ec47c6fa07bbdc5cecfa
- SHA512
  
  46a3a94ae20902f41ffb1b5bf97e1e6ffd17cc714ed10a3a192ddf3af41a901bed6a7230bb8ef24e073946c98a72ccc4936efe4ac81cf1cd32acb189717be4d4
- SSDEEP
  
  98304:S1yfOke1432HwWjoHq4DGCBwqAfiidCKJcFGgaD0Yu05KCahZdinCjfuN:TWrgYRjoH/3Pm/KGgaD0Yu05zwZUnCz
Score

3^/10
behavioral19
- Target
  
  UnityCrashHandler64.exe
- Size
  
  1.1MB
- MD5
  
  050c4bb0ff06d89b52af110c2ada1a55
- SHA1
  
  73c5768852d7440e31194891054407ee447dcf5b
- SHA256
  
  b31f519dcfacd529695a0cc710850b31ef41ab8ab5996b2edb84d97926901918
- SHA512
  
  34411c03dac23e5660e8dfa98b4d51dc281c1e8fdaab5303a39269504c9034a89f2110fe5417893feb674aaf16275b980ee27f7d4e0322780a6611000f319298
- SSDEEP
  
  12288:skrEdtytWENGu+ptlkekTbkXepg8sTJqT64ux3C1AboWorqZZaiQfz2fzAS:skrEdtytLNJOtlOHsTJqaSibq0gz+zAS
Score

1^/10
behavioral20
- Target
  
  UnityPlayer.dll
- Size
  
  28.6MB
- MD5
  
  8b939ab1dfa3dab667623b1e4d5cc4b2
- SHA1
  
  fdb1921c1123df7f25007253d65e2d1d8ab9403d
- SHA256
  
  a881850d83b247575921a91f98a962ac91eb5f1b3c9622ccc1851cb35945e201
- SHA512
  
  1e874c47b33b5560fbae0142eba7f98520a6119326093a569657ef23a98a6b49d0f3b3bd5aea7b397a721df061bdf4b981e7fd28bdecd85cf79a6690977347a6
- SSDEEP
  
  393216:C4/5CVR2KpqiFPaRoQlgnx3SVjlmiaxOhlllxcd+dciF4b8czkVn:CqoQynclmg/0bzkB
Score

1^/10
behavioral21
- Target
  
  baselib.dll
- Size
  
  409KB
- MD5
  
  da596aeb484d88ff32afba58b10fb704
- SHA1
  
  2d8470f26a723e5c79735bf782a1e6420090e0bc
- SHA256
  
  b5e1148dffaebc91b997fbb8727fbfebd90a1e7d28b23f95c35ca54940f26a14
- SHA512
  
  7ca3f60aca2bd7b33a0acd25dcb52beb7b77e569392dacf5ff57503628e741d42f13c4d34991a4ead1cbf9bbafe25ebba7152055cfa15b4ac56a0115ad984d3a
- SSDEEP
  
  6144:hHdA6HG+G5c2xGUGvojVM3eocrlf9dtpV921DmPeh0F6FFDMHWz:1dA6HGtimVVoc3pV921CWX
Score

1^/10
behavioral22