Overview

overview

10

Static

static

1

amazing-game.html

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    amazing-game

  • Size

    21KB

  • Sample

    240415-xnpcpafh2v

  • MD5

    5c43ff6d41b101f650e5a7f08f3cc6fd

  • SHA1

    987423c597ac8f56c8b48352a70aca956d386f52

  • SHA256

    85c79154a095574cbcba3c202050244f92768fd92837340f208472b50938f8d2

  • SHA512

    7f0488771680d3fee1111fbed0f50c880c3d1d2995be52fd09a8ae714d61d58aba40af9f6484aa29625e20e661f3004a29cdb8691fc08488ae2fb05da415d83c

  • SSDEEP

    384:bHc1Krf2+iD57im8RY0kufRZdldjiQi6K8XhDJNSJBfnW2KoA52T/dCdlONpRZdc:bHc1Krf2+iD5ObeGKs5JoJZyoA52T/do

Score
10/10
epsilondiscoveryevasionpersistencespywarestealer

Malware Config

Targets

    • Target

      amazing-game

    • Size

      21KB

    • MD5

      5c43ff6d41b101f650e5a7f08f3cc6fd

    • SHA1

      987423c597ac8f56c8b48352a70aca956d386f52

    • SHA256

      85c79154a095574cbcba3c202050244f92768fd92837340f208472b50938f8d2

    • SHA512

      7f0488771680d3fee1111fbed0f50c880c3d1d2995be52fd09a8ae714d61d58aba40af9f6484aa29625e20e661f3004a29cdb8691fc08488ae2fb05da415d83c

    • SSDEEP

      384:bHc1Krf2+iD57im8RY0kufRZdldjiQi6K8XhDJNSJBfnW2KoA52T/dCdlONpRZdc:bHc1Krf2+iD5ObeGKs5JoJZyoA52T/do

    Score
    10/10
    epsilondiscoveryevasionpersistencespywarestealer

    • Epsilon Stealer

      Information stealer.

      stealerepsilon

    • Enumerates VirtualBox registry keys

      evasion

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Looks for VirtualBox Guest Additions in registry

      evasion

    • Downloads MZ/PE file

    • Looks for VMWare Tools registry key

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks