empyrean | d54d3491570941698ac7e29ceedc611331e1b42b802ff53b19ff81fe2d3bd268 | Triage

Submit
Reports

Overview

overview

Static

static

Vegas 22 I...er.exe

windows7-x64

7

Vegas 22 I...er.exe

windows10-2004-x64

7

Sharing

General

Target

Vegas 22 Installer.exe
Size

17.8MB
Sample

240527-ds7v2sfc83
MD5

2269f966fac6608689b27c8fd0f8f4b6
SHA1

72b19b33010b5d130b4141aa3be69d69981155bb
SHA256

d54d3491570941698ac7e29ceedc611331e1b42b802ff53b19ff81fe2d3bd268
SHA512

10d76dffd87b08f141f7aaa925d5da68df181bb32ee877b888f1649bb84af1f98bc0fcedafc089c4c35b0264bc8f93d4604fd651779cb8595e0b799f6066d55b
SSDEEP

393216:XqPnLFXlrPmQ8DOETgsvfG3ghjzvE2PipK5aSq:aPLFXNOQhE8QjY+IKM

Score

10^/10

empyrean persistence pyinstaller spyware stealer upx

Static task

static1

pyinstaller empyrean

4 signatures

Behavioral task

behavioral1

Sample

Vegas 22 Installer.exe

Resource

win7-20240508-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

Vegas 22 Installer.exe

Resource

win10v2004-20240426-en

persistence spyware stealer upx

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  Vegas 22 Installer.exe
- Size
  
  17.8MB
- MD5
  
  2269f966fac6608689b27c8fd0f8f4b6
- SHA1
  
  72b19b33010b5d130b4141aa3be69d69981155bb
- SHA256
  
  d54d3491570941698ac7e29ceedc611331e1b42b802ff53b19ff81fe2d3bd268
- SHA512
  
  10d76dffd87b08f141f7aaa925d5da68df181bb32ee877b888f1649bb84af1f98bc0fcedafc089c4c35b0264bc8f93d4604fd651779cb8595e0b799f6066d55b
- SSDEEP
  
  393216:XqPnLFXlrPmQ8DOETgsvfG3ghjzvE2PipK5aSq:aPLFXNOQhE8QjY+IKM
Score

7^/10

upx persistence spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

pyinstallerempyrean

behavioral1

behavioral2

persistencespywarestealerupx

© 2018-2024

Terms | Privacy