Overview

overview

10

Static

static

3

c35d052840...88.exe

windows7-x64

7

c35d052840...88.exe

windows10-2004-x64

10

$PLUGINSDI...ls.dll

windows7-x64

3

$PLUGINSDI...ls.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

LICENSES.c...m.html

windows7-x64

1

LICENSES.c...m.html

windows10-2004-x64

1

d3dcompiler_47.dll

windows10-2004-x64

1

ffmpeg.dll

windows10-2004-x64

1

libEGL.dll

windows10-2004-x64

1

libGLESv2.dll

windows10-2004-x64

1

my-app-1.0.0.exe

windows10-2004-x64

10

node_modul...i.node

ubuntu-18.04-amd64

node_modul...i.node

debian-9-armhf

node_modul...i.node

debian-9-mips

node_modul...i.node

debian-9-mipsel

node_modul...i.node

ubuntu-18.04-amd64

1

node_modul...i.node

ubuntu-24.04-amd64

1

node_modul...i.node

debian-9-armhf

1

node_modul...i.node

ubuntu-18.04-amd64

node_modul...i.node

debian-9-armhf

node_modul...i.node

debian-9-mips

node_modul...i.node

debian-9-mipsel

node_modul...i.node

ubuntu-24.04-amd64

1

node_modul...i.node

ubuntu-18.04-amd64

node_modul...i.node

debian-9-armhf

node_modul...i.node

debian-9-mips

node_modul...i.node

debian-9-mipsel

node_modul...i.node

ubuntu-24.04-amd64

1

node_modul...i.node

ubuntu-18.04-amd64

1

node_modul...i.node

ubuntu-22.04-amd64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c35d052840a11e04e79b507fbc5c6e086bc9101ab602ac745d9ed343f2cee488

  • Size

    90.8MB

  • Sample

    240601-2d4rvahf36

  • MD5

    114fd33387b4888d2d62690655cd6dae

  • SHA1

    c9cd2231dd18d0bed606eff81c1c20ff3bdd8bff

  • SHA256

    c35d052840a11e04e79b507fbc5c6e086bc9101ab602ac745d9ed343f2cee488

  • SHA512

    837aaeac5d3fbdf382c8dd5433c8035685a0f1dae1dc88e09e960b933ead20c9cbe6815bd9ae7542d4143242c49fffd10c0423a1090e1fb7a6c9d3985f90d789

  • SSDEEP

    1572864:IUmwDpaW0RuEy0dEkqkktU063DpeyJ7UiGGYYWKq//TjlTkRBoly:FdD6c3pkktk3Dw07Ui59WKY/FTkQly

Score
10/10
epsilonlinuxspywarestealer

Malware Config

Targets

    • Target

      c35d052840a11e04e79b507fbc5c6e086bc9101ab602ac745d9ed343f2cee488

    • Size

      90.8MB

    • MD5

      114fd33387b4888d2d62690655cd6dae

    • SHA1

      c9cd2231dd18d0bed606eff81c1c20ff3bdd8bff

    • SHA256

      c35d052840a11e04e79b507fbc5c6e086bc9101ab602ac745d9ed343f2cee488

    • SHA512

      837aaeac5d3fbdf382c8dd5433c8035685a0f1dae1dc88e09e960b933ead20c9cbe6815bd9ae7542d4143242c49fffd10c0423a1090e1fb7a6c9d3985f90d789

    • SSDEEP

      1572864:IUmwDpaW0RuEy0dEkqkktU063DpeyJ7UiGGYYWKq//TjlTkRBoly:FdD6c3pkktk3Dw07Ui59WKY/FTkQly

    Score
    10/10
    epsilonspywarestealer

    • Epsilon Stealer

      Information stealer.

      stealerepsilon

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

    • Target

      $PLUGINSDIR/StdUtils.dll

    • Size

      100KB

    • MD5

      c6a6e03f77c313b267498515488c5740

    • SHA1

      3d49fc2784b9450962ed6b82b46e9c3c957d7c15

    • SHA256

      b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

    • SHA512

      9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

    • SSDEEP

      3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v

    Score
    3/10
    behavioral3behavioral4

    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      0d7ad4f45dc6f5aa87f606d0331c6901

    • SHA1

      48df0911f0484cbe2a8cdd5362140b63c41ee457

    • SHA256

      3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

    • SHA512

      c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

    • SSDEEP

      192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6

    Score
    3/10
    behavioral5behavioral6

    • Target

      LICENSES.chromium.html

    • Size

      9.8MB

    • MD5

      b620990ddbd932d6475152e5a833860e

    • SHA1

      70de0b3d7ffa77900f685c1788b32997a61ec386

    • SHA256

      921452a09f92f10da4cfef0521acd6ee6c689c630661ed35189e793de2c99fc5

    • SHA512

      ba84b5e6281dd64d5da41d0db35942b6c0b1ee6b47d24dedd5006be40b2d22d90f58dc653e17893347900fb1bfcd37b0f2fff5b532175ccacc3b63d98fe42ac7

    • SSDEEP

      24576:K+QQM6Ms6x5d1n+wRhXe1BmfEl6k6T6W6b6f6V6GeGj/3BIpx:LUcBeGdY

    Score
    1/10
    behavioral7behavioral8

    • Target

      d3dcompiler_47.dll

    • Size

      4.7MB

    • MD5

      a7b7470c347f84365ffe1b2072b4f95c

    • SHA1

      57a96f6fb326ba65b7f7016242132b3f9464c7a3

    • SHA256

      af7b99be1b8770c0e4d18e43b04e81d11bdeb667fa6b07ade7a88f4c5676bf9a

    • SHA512

      83391a219631f750499fd9642d59ec80fb377c378997b302d10762e83325551bb97c1086b181fff0521b1ca933e518eab71a44a3578a23691f215ebb1dce463d

    • SSDEEP

      49152:hCZnRO4XyM53Rkq4ypQqdoRpmruVNYvkaRwvdiD0N+YEzI4og/RfzHLeHTRhFRN1:oG2QCwmHjnog/pzHAo/Ayc

    Score
    1/10
    behavioral9

    • Target

      ffmpeg.dll

    • Size

      2.6MB

    • MD5

      d58b365e329560098328860fe4f34507

    • SHA1

      4ddac44fac5fbadc47ae7dfde2fdf76241e1b691

    • SHA256

      dd42cbda8d0e5a001c44b2113c9cb133ccc41e1c039a4d4adf9379ee5e657d57

    • SHA512

      8fb31668d684cfa251fe42f8a12e953345e496f4bd15eac6175b91e092014c385f923b96e1b4210b68602a5dc876d382aa93e6657e0a4426a8be7ae3fec771da

    • SSDEEP

      49152:rC8lp7/1UNZrhOP9YJQHUOWwGen6yfW0OfShPdb5x:EhOVYJiUOWwQaPB

    Score
    1/10
    behavioral10

    • Target

      libEGL.dll

    • Size

      469KB

    • MD5

      45dffa2e9952dd2a16d469f18a537fcc

    • SHA1

      505c6aedad53ddb0aa4cfb67db52f002451af744

    • SHA256

      43a699c4755587ae83367c3e68c3887b7ba5ea0dbca35b097ce83be0b9b9b778

    • SHA512

      61be64013aa295aa732b954b45f61105924a75928f260ddc6cb2e95bf36bd9e724523775b58f5922820e953b56d2a40c41e1f677b30561515193ed12dc7604a1

    • SSDEEP

      6144:RmfOX/zRR8yWTDLMoqbAIbqkpXy0/KQPJrIJAG:cczRSyWTDY6IlpXy0/3h2H

    Score
    1/10
    behavioral11

    • Target

      libGLESv2.dll

    • Size

      7.6MB

    • MD5

      12b856d52c4fa5ef56d3c45659494995

    • SHA1

      4508c0b4945803fa692263b3f7618b3717fd970b

    • SHA256

      6d291deea8d51c56df9b62770fb8a9945581c033495e6d906b43aafa6e059db4

    • SHA512

      5f7b19e7bc12024a96ca441e908ee8950a0a858f10983e0e9590e3acba6a1246edf4ed3b7e2792a27e0794228613759e45188a3c422344eda09c0a9cdcb8981a

    • SSDEEP

      98304:4laVNd6hP9OPvwfWm6sGnoDgCXm3o7KXs:jClGwpvGngCuK

    Score
    1/10
    behavioral12

    • Target

      my-app-1.0.0.exe

    • Size

      169.1MB

    • MD5

      b43efe56dd3c84590056c8c87ad3e6f4

    • SHA1

      9e490bbec3f132b7eb8ac39dd4d001da8b275b58

    • SHA256

      d851af974512dc132e8931f8a5d9f443af614e7eb45c140fc8c8971dbb960d78

    • SHA512

      0800a75016ba6b81de945aed51cac599b21fc24fd416ed360599f585d95a20781b7fa11cd9d7225a30b544ae768f0a38da1f427a42d406e21024b1a742fcaf74

    • SSDEEP

      1572864:kKrstWwz6PqazPK3qyBcr35JBNLDD/FaCA7pmLMzCOtoAJnn/N0wIbyraIjR:8W0qr26byra

    Score
    10/10
    epsilonspywarestealer

    • Epsilon Stealer

      Information stealer.

      stealerepsilon

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral13

    • Target

      node_modules/koffi/build/koffi/freebsd_arm64/koffi.node

    • Size

      4.8MB

    • MD5

      6f6add10c7963bc0b0b28993b2b18030

    • SHA1

      6499eb9c456bb68a5e92cab255c190310fef9d0f

    • SHA256

      b8bf5dbf86997180ee4fd9dd05f0e831a8a467db400591d6d33741b4541ea1ca

    • SHA512

      35a823865c2992cb24b9356d52d61db8f7f1b8c0ad8a412871630e0194fac61a697b9721b19005843a896843cd065a3c25c06500d912c6839b1457a664f576e2

    • SSDEEP

      24576:ZDuEfN65uKy5Uoe/U9LFwhi1eIPJJ9uQEj5lsEBpQxiRXd7z5CiXtDBw9:ZKYNx5y8FfoIPiL

    Score
    1/10
    behavioral14behavioral15behavioral16behavioral17

    • Target

      node_modules/koffi/build/koffi/freebsd_ia32/koffi.node

    • Size

      4.0MB

    • MD5

      d8a45f0ac79a4c02a66d8570150f7818

    • SHA1

      d538c11622e14c6785b1f53fd33c8c2136cf67e6

    • SHA256

      a30c64fb1d18d4270dab5daf0927405c2da825b27bddb9148c97a85f3bddd95e

    • SHA512

      1bdf59b973b495dcb03c2fc887b2196ba3ef42004885e8001bc422ebd9bcf5bde62a35bcf9a14e6a20ae3604cdd427bfa5458362ebabc31e16e9746419bf27b8

    • SSDEEP

      24576:FeulS1Sj0P9GUaq/0xZ9nLzX7CSTRGmdBm8LBrxlfVaNBisDdUpKtMF9:LS0jsynnSm/rBrxlf

    Score
    1/10
    behavioral18

    • Target

      node_modules/koffi/build/koffi/freebsd_x64/koffi.node

    • Size

      5.2MB

    • MD5

      4c550402c1b5e6059389277a2802853d

    • SHA1

      2529f025e54deddf4714478f74192a87d2f8d5ac

    • SHA256

      224cfe329f5a06bc05318bfe994f21343be953d8727bbd530f43e986be9b9c8c

    • SHA512

      a9e48fa4f64a72a45b7461b3851396fdb96bea3412aba5c5097d6cc16865c18965d1ee8cf58d26992654210ecc3d74faa32692502bfd16316b530f42db7e9712

    • SSDEEP

      49152:/8XSkwP0OMQU159NNHD+QbcS8SDxfdYJJLbFcvTU:/8iktuUcIVKBcvI

    Score
    1/10
    behavioral19

    • Target

      node_modules/koffi/build/koffi/linux_arm32hf/koffi.node

    • Size

      3.5MB

    • MD5

      89c15edb696dea42bef34838e13bb6a6

    • SHA1

      a8f58678faf50fb6a074c212e29276e9e36d8841

    • SHA256

      41a801af4dab89b4809318c9735294d700475d5a0703d8fd19c537e5fd96f7b1

    • SHA512

      36d39fc7cf21e2499922f19c01763c6eaac8854169f6afeb4d9275d2d2cec1683101edf4fa341968301298233d3606ee210e237975c3a7d3da15c7b4b4539596

    • SSDEEP

      24576:YTvIIOrNxrUJNyx/S2oXqOrr68upFoZM4WuCoch4IClHEkYbfVY7PI:YTvADx62oXqOrr68FFRIIRPI

    Score
    1/10
    behavioral20

    • Target

      node_modules/koffi/build/koffi/linux_arm64/koffi.node

    • Size

      4.6MB

    • MD5

      4fd860625055dab996e34290ae4d9beb

    • SHA1

      6fa594f0c77ab941b7a5a0317c69907562065de6

    • SHA256

      83aef394753ffb9fbfe6c0ee33a5ca122396525c4a817c6fb0714d3dc79a6bc2

    • SHA512

      598414df0037ad63b3f0e2c6723eca33c9cfa4463fd19ae639e8242b1627ea582d37a37c0c96dfa6ef6195678fc84bb29392df823be8b345ee383788384c0858

    • SSDEEP

      24576:jiat8toKZHqSJevIOplB0RkbesE7oXSTY6rO6X6RwLBwhOAsVD+jUEAJXRzaN:jiaDvIiuRbUicKXX66ubs+UhzaN

    Score
    1/10
    behavioral21behavioral22behavioral23behavioral24

    • Target

      node_modules/koffi/build/koffi/linux_ia32/koffi.node

    • Size

      3.9MB

    • MD5

      51fcab0ce0c80e81582a987f6527ba89

    • SHA1

      11fea08a0d6586eb22a7fb04fd78927ce00e0bf9

    • SHA256

      7722b44d96d37db8e48ef47fca228a0452968f514730c09e0b501e836e7b4c9b

    • SHA512

      a33e5d822858d26ceb4d67017c8d965bdc3eb22db73dd9e5e3c28148dbcd12edc99ef2a957621a91b9f9b3fca621b171e2487663e642401be3e5d66ffc23e627

    • SSDEEP

      49152:yPq7PyLZlNbkWf1Sc18G+fbi78Qtm+YP1:w3Lx4ah18PD68AYP1

    Score
    1/10
    behavioral25

    • Target

      node_modules/koffi/build/koffi/linux_riscv64hf64/koffi.node

    • Size

      3.3MB

    • MD5

      96ad64976bbe2a529c118274a7efea3e

    • SHA1

      d4f55a93e31655a1e5e275ac7f4d9f279b62d60f

    • SHA256

      a3872b40a1934f77b5159f8907a21e869c589631b575508a18a07af8f90b6397

    • SHA512

      879d16c4e3d2a5a394df2d694d1eb314af2774ec7fb455c40f4befc377fa1306c3757a0fa0671367516554109bbba58d8955c5780e3de5e85d7d0e19dc58de40

    • SSDEEP

      49152:5L24bteeeeCCCCCQpFpBxF23vXniNyCONB:5COv23vXy9ONB

    Score
    1/10
    behavioral26behavioral27behavioral28behavioral29

    • Target

      node_modules/koffi/build/koffi/linux_x64/koffi.node

    • Size

      5.2MB

    • MD5

      035a947e997df4688eaee94bd1ccf3a2

    • SHA1

      5c1deffac10b5b80aac7730a3cbb6931db3ff3f1

    • SHA256

      8d33cb3383cec7ffcb946a2a661e9c8bf1ca31d07ff8dabef647b18b6e92b362

    • SHA512

      d7adbf103092ad94d57da3bafc5f52520030262229c9a2a2a0684e5fbdb1a186a1c46fd8e1552f5e3c0a3334113cd974822b9b4688c3f0299546ca7884f5d1be

    • SSDEEP

      49152:FEyTNxffQQnmF4s2WrnFdO0vf4crzQSw0b3YMKbr:pU52wnFzQYc9gYMKbr

    Score
    1/10
    behavioral30

    • Target

      node_modules/koffi/build/koffi/openbsd_ia32/koffi.node

    • Size

      4.0MB

    • MD5

      201d002136b7db90d0cd71726d9b6e6f

    • SHA1

      608996a45a9a4f0744440c01e8f1415d618b5731

    • SHA256

      559f26b1bcbe6562c427e123b4bda6058af81fd3d8a82bf23a82ac5b7068858e

    • SHA512

      8a7c256e7f658dd0ca1d57a27c865e940da04dd14feb6764fecf17cf43acfac075a1e86c9a274f27550a20c54002f100538788dc685c634a79b9b1a0df6c2051

    • SSDEEP

      24576:oSjUEd5PBXJNGuJgjntLxIV7Ju7fi/vRY3p+UtrAQ4EjvGkZFu8kpSq7+huMRPcr:DBX+IV747fi/vRApptgS6uuM1c

    Score
    1/10
    behavioral31

    • Target

      node_modules/koffi/build/koffi/openbsd_x64/koffi.node

    • Size

      5.2MB

    • MD5

      1185f0d6a2de30b127414be93bd46a43

    • SHA1

      3e112c719be650c4a53083de820a2fee8e6d7e02

    • SHA256

      eff00990d6a5d1340cf0cb9885dc9c46a5267ada9eb892a280f238ce21e667f9

    • SHA512

      2e40ddbd40d16ec3d830835b06e6dfde578af6308910e9b7cc538bbce30437e415a8856a1fbd3973655f4d633b7d864fe96abdab073ce50c2925e69cc08717dc

    • SSDEEP

      49152:+n0aZo8MqUIVcjZ6cgQsTQkgTHVD3cbMgSk:+n7bGI3qFMbHSk

    Score
    1/10
    behavioral32

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

Score
7/10

behavioral2

epsilonspywarestealer
Score
10/10

behavioral3

Score
3/10

behavioral4

Score
3/10

behavioral5

Score
3/10

behavioral6

Score
3/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

epsilonspywarestealer
Score
10/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10