epsilon | 726be3bdaac9d153b007b11a9529e031ff3f607392529160e27e2fa690637b3f | Triage

Sharing

General

Target

LisectAVT_2403002A_323.exe
Size

60.9MB
Sample

240725-amxlcayhrg
MD5

047cdfb2f93e26f3e7dd693f10e91fca
SHA1

7693c41e2fc2ee635fd3bb39be2644b533a1cc9d
SHA256

726be3bdaac9d153b007b11a9529e031ff3f607392529160e27e2fa690637b3f
SHA512

f3adc9405b6d9656c08df613508298fdcf9c3b27f0e5d4face0aaa7185f0ddcdf63058ac79686ea9b20e1ed2f4df2859b99a10f28e4014352f625929df0bc7e2
SSDEEP

1572864:+CfzLf2HNZlHm6HaXm/vG4CwfS7HcHC3VTrag6:t+HNTHm6qmG0oHciFTrag6

Score

10^/10

epsilon credential_access discovery persistence privilege_escalation spyware stealer

Malware Config

Targets

- Target
  
  LisectAVT_2403002A_323.exe
- Size
  
  60.9MB
- MD5
  
  047cdfb2f93e26f3e7dd693f10e91fca
- SHA1
  
  7693c41e2fc2ee635fd3bb39be2644b533a1cc9d
- SHA256
  
  726be3bdaac9d153b007b11a9529e031ff3f607392529160e27e2fa690637b3f
- SHA512
  
  f3adc9405b6d9656c08df613508298fdcf9c3b27f0e5d4face0aaa7185f0ddcdf63058ac79686ea9b20e1ed2f4df2859b99a10f28e4014352f625929df0bc7e2
- SSDEEP
  
  1572864:+CfzLf2HNZlHm6HaXm/vG4CwfS7HcHC3VTrag6:t+HNTHm6qmG0oHciFTrag6
Score

10^/10

epsilon credential_access discovery persistence privilege_escalation spyware stealer
- Epsilon Stealer
  Information stealer.
  stealer epsilon
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Wi-Fi Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

epsiloncredential_accessdiscoverypersistenceprivilege_escalationspywarestealer

behavioral2

epsiloncredential_accessdiscoverypersistenceprivilege_escalationspywarestealer