epsilon | c35d052840a11e04e79b507fbc5c6e086bc9101ab602ac745d9ed343f2cee488

Resubmissions

01-06-2024 21:48

240601-1nsa5age89 10

01-06-2024 21:40

01-06-2024 21:33

01-06-2024 21:10

01-06-2024 20:55

Sharing

Copy URL

Twitter E-mail

General

Target

UnityLibManager.exe
Size

90.8MB
Sample

240601-1jd8psff6w
MD5

114fd33387b4888d2d62690655cd6dae
SHA1

c9cd2231dd18d0bed606eff81c1c20ff3bdd8bff
SHA256

c35d052840a11e04e79b507fbc5c6e086bc9101ab602ac745d9ed343f2cee488
SHA512

837aaeac5d3fbdf382c8dd5433c8035685a0f1dae1dc88e09e960b933ead20c9cbe6815bd9ae7542d4143242c49fffd10c0423a1090e1fb7a6c9d3985f90d789
SSDEEP

1572864:IUmwDpaW0RuEy0dEkqkktU063DpeyJ7UiGGYYWKq//TjlTkRBoly:FdD6c3pkktk3Dw07Ui59WKY/FTkQly

Score

10^/10

Malware Config

Targets

- Target
  
  UnityLibManager.exe
- Size
  
  90.8MB
- MD5
  
  114fd33387b4888d2d62690655cd6dae
- SHA1
  
  c9cd2231dd18d0bed606eff81c1c20ff3bdd8bff
- SHA256
  
  c35d052840a11e04e79b507fbc5c6e086bc9101ab602ac745d9ed343f2cee488
- SHA512
  
  837aaeac5d3fbdf382c8dd5433c8035685a0f1dae1dc88e09e960b933ead20c9cbe6815bd9ae7542d4143242c49fffd10c0423a1090e1fb7a6c9d3985f90d789
- SSDEEP
  
  1572864:IUmwDpaW0RuEy0dEkqkktU063DpeyJ7UiGGYYWKq//TjlTkRBoly:FdD6c3pkktk3Dw07Ui59WKY/FTkQly
Score

10^/10

epsilon spyware stealer
- Epsilon Stealer
  Information stealer.
  stealer epsilon
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/StdUtils.dll
- Size
  
  100KB
- MD5
  
  c6a6e03f77c313b267498515488c5740
- SHA1
  
  3d49fc2784b9450962ed6b82b46e9c3c957d7c15
- SHA256
  
  b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
- SHA512
  
  9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
- SSDEEP
  
  3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  0d7ad4f45dc6f5aa87f606d0331c6901
- SHA1
  
  48df0911f0484cbe2a8cdd5362140b63c41ee457
- SHA256
  
  3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
- SHA512
  
  c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
- SSDEEP
  
  192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score

3^/10
behavioral5 behavioral6
- Target
  
  LICENSES.chromium.html
- Size
  
  9.8MB
- MD5
  
  b620990ddbd932d6475152e5a833860e
- SHA1
  
  70de0b3d7ffa77900f685c1788b32997a61ec386
- SHA256
  
  921452a09f92f10da4cfef0521acd6ee6c689c630661ed35189e793de2c99fc5
- SHA512
  
  ba84b5e6281dd64d5da41d0db35942b6c0b1ee6b47d24dedd5006be40b2d22d90f58dc653e17893347900fb1bfcd37b0f2fff5b532175ccacc3b63d98fe42ac7
- SSDEEP
  
  24576:K+QQM6Ms6x5d1n+wRhXe1BmfEl6k6T6W6b6f6V6GeGj/3BIpx:LUcBeGdY
Score

1^/10
behavioral7 behavioral8
- Target
  
  d3dcompiler_47.dll
- Size
  
  4.7MB
- MD5
  
  a7b7470c347f84365ffe1b2072b4f95c
- SHA1
  
  57a96f6fb326ba65b7f7016242132b3f9464c7a3
- SHA256
  
  af7b99be1b8770c0e4d18e43b04e81d11bdeb667fa6b07ade7a88f4c5676bf9a
- SHA512
  
  83391a219631f750499fd9642d59ec80fb377c378997b302d10762e83325551bb97c1086b181fff0521b1ca933e518eab71a44a3578a23691f215ebb1dce463d
- SSDEEP
  
  49152:hCZnRO4XyM53Rkq4ypQqdoRpmruVNYvkaRwvdiD0N+YEzI4og/RfzHLeHTRhFRN1:oG2QCwmHjnog/pzHAo/Ayc
Score

1^/10
behavioral9
- Target
  
  ffmpeg.dll
- Size
  
  2.6MB
- MD5
  
  d58b365e329560098328860fe4f34507
- SHA1
  
  4ddac44fac5fbadc47ae7dfde2fdf76241e1b691
- SHA256
  
  dd42cbda8d0e5a001c44b2113c9cb133ccc41e1c039a4d4adf9379ee5e657d57
- SHA512
  
  8fb31668d684cfa251fe42f8a12e953345e496f4bd15eac6175b91e092014c385f923b96e1b4210b68602a5dc876d382aa93e6657e0a4426a8be7ae3fec771da
- SSDEEP
  
  49152:rC8lp7/1UNZrhOP9YJQHUOWwGen6yfW0OfShPdb5x:EhOVYJiUOWwQaPB
Score

1^/10
behavioral10
- Target
  
  libEGL.dll
- Size
  
  469KB
- MD5
  
  45dffa2e9952dd2a16d469f18a537fcc
- SHA1
  
  505c6aedad53ddb0aa4cfb67db52f002451af744
- SHA256
  
  43a699c4755587ae83367c3e68c3887b7ba5ea0dbca35b097ce83be0b9b9b778
- SHA512
  
  61be64013aa295aa732b954b45f61105924a75928f260ddc6cb2e95bf36bd9e724523775b58f5922820e953b56d2a40c41e1f677b30561515193ed12dc7604a1
- SSDEEP
  
  6144:RmfOX/zRR8yWTDLMoqbAIbqkpXy0/KQPJrIJAG:cczRSyWTDY6IlpXy0/3h2H
Score

1^/10
behavioral11
- Target
  
  libGLESv2.dll
- Size
  
  7.6MB
- MD5
  
  12b856d52c4fa5ef56d3c45659494995
- SHA1
  
  4508c0b4945803fa692263b3f7618b3717fd970b
- SHA256
  
  6d291deea8d51c56df9b62770fb8a9945581c033495e6d906b43aafa6e059db4
- SHA512
  
  5f7b19e7bc12024a96ca441e908ee8950a0a858f10983e0e9590e3acba6a1246edf4ed3b7e2792a27e0794228613759e45188a3c422344eda09c0a9cdcb8981a
- SSDEEP
  
  98304:4laVNd6hP9OPvwfWm6sGnoDgCXm3o7KXs:jClGwpvGngCuK
Score

1^/10
behavioral12
- Target
  
  my-app-1.0.0.exe
- Size
  
  169.1MB
- MD5
  
  b43efe56dd3c84590056c8c87ad3e6f4
- SHA1
  
  9e490bbec3f132b7eb8ac39dd4d001da8b275b58
- SHA256
  
  d851af974512dc132e8931f8a5d9f443af614e7eb45c140fc8c8971dbb960d78
- SHA512
  
  0800a75016ba6b81de945aed51cac599b21fc24fd416ed360599f585d95a20781b7fa11cd9d7225a30b544ae768f0a38da1f427a42d406e21024b1a742fcaf74
- SSDEEP
  
  1572864:kKrstWwz6PqazPK3qyBcr35JBNLDD/FaCA7pmLMzCOtoAJnn/N0wIbyraIjR:8W0qr26byra
Score

10^/10

epsilon spyware stealer
- Epsilon Stealer
  Information stealer.
  stealer epsilon
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral13
- Target
  
  node_modules/koffi/build/koffi/freebsd_arm64/koffi.node
- Size
  
  4.8MB
- MD5
  
  6f6add10c7963bc0b0b28993b2b18030
- SHA1
  
  6499eb9c456bb68a5e92cab255c190310fef9d0f
- SHA256
  
  b8bf5dbf86997180ee4fd9dd05f0e831a8a467db400591d6d33741b4541ea1ca
- SHA512
  
  35a823865c2992cb24b9356d52d61db8f7f1b8c0ad8a412871630e0194fac61a697b9721b19005843a896843cd065a3c25c06500d912c6839b1457a664f576e2
- SSDEEP
  
  24576:ZDuEfN65uKy5Uoe/U9LFwhi1eIPJJ9uQEj5lsEBpQxiRXd7z5CiXtDBw9:ZKYNx5y8FfoIPiL
Score

1^/10
behavioral14 behavioral15 behavioral16 behavioral17
- Target
  
  node_modules/koffi/build/koffi/freebsd_ia32/koffi.node
- Size
  
  4.0MB
- MD5
  
  d8a45f0ac79a4c02a66d8570150f7818
- SHA1
  
  d538c11622e14c6785b1f53fd33c8c2136cf67e6
- SHA256
  
  a30c64fb1d18d4270dab5daf0927405c2da825b27bddb9148c97a85f3bddd95e
- SHA512
  
  1bdf59b973b495dcb03c2fc887b2196ba3ef42004885e8001bc422ebd9bcf5bde62a35bcf9a14e6a20ae3604cdd427bfa5458362ebabc31e16e9746419bf27b8
- SSDEEP
  
  24576:FeulS1Sj0P9GUaq/0xZ9nLzX7CSTRGmdBm8LBrxlfVaNBisDdUpKtMF9:LS0jsynnSm/rBrxlf
Score

1^/10
behavioral18
- Target
  
  node_modules/koffi/build/koffi/freebsd_x64/koffi.node
- Size
  
  5.2MB
- MD5
  
  4c550402c1b5e6059389277a2802853d
- SHA1
  
  2529f025e54deddf4714478f74192a87d2f8d5ac
- SHA256
  
  224cfe329f5a06bc05318bfe994f21343be953d8727bbd530f43e986be9b9c8c
- SHA512
  
  a9e48fa4f64a72a45b7461b3851396fdb96bea3412aba5c5097d6cc16865c18965d1ee8cf58d26992654210ecc3d74faa32692502bfd16316b530f42db7e9712
- SSDEEP
  
  49152:/8XSkwP0OMQU159NNHD+QbcS8SDxfdYJJLbFcvTU:/8iktuUcIVKBcvI
Score

1^/10
behavioral19
- Target
  
  node_modules/koffi/build/koffi/linux_arm32hf/koffi.node
- Size
  
  3.5MB
- MD5
  
  89c15edb696dea42bef34838e13bb6a6
- SHA1
  
  a8f58678faf50fb6a074c212e29276e9e36d8841
- SHA256
  
  41a801af4dab89b4809318c9735294d700475d5a0703d8fd19c537e5fd96f7b1
- SHA512
  
  36d39fc7cf21e2499922f19c01763c6eaac8854169f6afeb4d9275d2d2cec1683101edf4fa341968301298233d3606ee210e237975c3a7d3da15c7b4b4539596
- SSDEEP
  
  24576:YTvIIOrNxrUJNyx/S2oXqOrr68upFoZM4WuCoch4IClHEkYbfVY7PI:YTvADx62oXqOrr68FFRIIRPI
Score

1^/10
behavioral20
- Target
  
  node_modules/koffi/build/koffi/linux_arm64/koffi.node
- Size
  
  4.6MB
- MD5
  
  4fd860625055dab996e34290ae4d9beb
- SHA1
  
  6fa594f0c77ab941b7a5a0317c69907562065de6
- SHA256
  
  83aef394753ffb9fbfe6c0ee33a5ca122396525c4a817c6fb0714d3dc79a6bc2
- SHA512
  
  598414df0037ad63b3f0e2c6723eca33c9cfa4463fd19ae639e8242b1627ea582d37a37c0c96dfa6ef6195678fc84bb29392df823be8b345ee383788384c0858
- SSDEEP
  
  24576:jiat8toKZHqSJevIOplB0RkbesE7oXSTY6rO6X6RwLBwhOAsVD+jUEAJXRzaN:jiaDvIiuRbUicKXX66ubs+UhzaN
Score

1^/10
behavioral21 behavioral22 behavioral23 behavioral24
- Target
  
  node_modules/koffi/build/koffi/linux_ia32/koffi.node
- Size
  
  3.9MB
- MD5
  
  51fcab0ce0c80e81582a987f6527ba89
- SHA1
  
  11fea08a0d6586eb22a7fb04fd78927ce00e0bf9
- SHA256
  
  7722b44d96d37db8e48ef47fca228a0452968f514730c09e0b501e836e7b4c9b
- SHA512
  
  a33e5d822858d26ceb4d67017c8d965bdc3eb22db73dd9e5e3c28148dbcd12edc99ef2a957621a91b9f9b3fca621b171e2487663e642401be3e5d66ffc23e627
- SSDEEP
  
  49152:yPq7PyLZlNbkWf1Sc18G+fbi78Qtm+YP1:w3Lx4ah18PD68AYP1
Score

1^/10
behavioral25
- Target
  
  node_modules/koffi/build/koffi/linux_riscv64hf64/koffi.node
- Size
  
  3.3MB
- MD5
  
  96ad64976bbe2a529c118274a7efea3e
- SHA1
  
  d4f55a93e31655a1e5e275ac7f4d9f279b62d60f
- SHA256
  
  a3872b40a1934f77b5159f8907a21e869c589631b575508a18a07af8f90b6397
- SHA512
  
  879d16c4e3d2a5a394df2d694d1eb314af2774ec7fb455c40f4befc377fa1306c3757a0fa0671367516554109bbba58d8955c5780e3de5e85d7d0e19dc58de40
- SSDEEP
  
  49152:5L24bteeeeCCCCCQpFpBxF23vXniNyCONB:5COv23vXy9ONB
Score

1^/10
behavioral26 behavioral27 behavioral28 behavioral29
- Target
  
  node_modules/koffi/build/koffi/linux_x64/koffi.node
- Size
  
  5.2MB
- MD5
  
  035a947e997df4688eaee94bd1ccf3a2
- SHA1
  
  5c1deffac10b5b80aac7730a3cbb6931db3ff3f1
- SHA256
  
  8d33cb3383cec7ffcb946a2a661e9c8bf1ca31d07ff8dabef647b18b6e92b362
- SHA512
  
  d7adbf103092ad94d57da3bafc5f52520030262229c9a2a2a0684e5fbdb1a186a1c46fd8e1552f5e3c0a3334113cd974822b9b4688c3f0299546ca7884f5d1be
- SSDEEP
  
  49152:FEyTNxffQQnmF4s2WrnFdO0vf4crzQSw0b3YMKbr:pU52wnFzQYc9gYMKbr
Score

1^/10
behavioral30
- Target
  
  node_modules/koffi/build/koffi/openbsd_ia32/koffi.node
- Size
  
  4.0MB
- MD5
  
  201d002136b7db90d0cd71726d9b6e6f
- SHA1
  
  608996a45a9a4f0744440c01e8f1415d618b5731
- SHA256
  
  559f26b1bcbe6562c427e123b4bda6058af81fd3d8a82bf23a82ac5b7068858e
- SHA512
  
  8a7c256e7f658dd0ca1d57a27c865e940da04dd14feb6764fecf17cf43acfac075a1e86c9a274f27550a20c54002f100538788dc685c634a79b9b1a0df6c2051
- SSDEEP
  
  24576:oSjUEd5PBXJNGuJgjntLxIV7Ju7fi/vRY3p+UtrAQ4EjvGkZFu8kpSq7+huMRPcr:DBX+IV747fi/vRApptgS6uuM1c
Score

1^/10
behavioral31
- Target
  
  node_modules/koffi/build/koffi/openbsd_x64/koffi.node
- Size
  
  5.2MB
- MD5
  
  1185f0d6a2de30b127414be93bd46a43
- SHA1
  
  3e112c719be650c4a53083de820a2fee8e6d7e02
- SHA256
  
  eff00990d6a5d1340cf0cb9885dc9c46a5267ada9eb892a280f238ce21e667f9
- SHA512
  
  2e40ddbd40d16ec3d830835b06e6dfde578af6308910e9b7cc538bbce30437e415a8856a1fbd3973655f4d633b7d864fe96abdab073ce50c2925e69cc08717dc
- SSDEEP
  
  49152:+n0aZo8MqUIVcjZ6cgQsTQkgTHVD3cbMgSk:+n7bGI3qFMbHSk
Score

1^/10
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Epsilon Stealer

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Looks up external IP address via web service

Epsilon Stealer

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Looks up external IP address via web service

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32