Overview

overview

10

Static

static

1

e44be8a85c...99.exe

windows7-x64

10

e44be8a85c...99.exe

windows10-2004-x64

10

Resubmissions

11-09-2024 20:51

240911-zna66ssfrh 10

26-07-2024 06:33

240726-hbpqcsvfng 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e44be8a85ca7a0fd6012d4374d9c5039c290034cea54e6e33cecc5efd6301599.exe

  • Size

    63.2MB

  • Sample

    240726-hbpqcsvfng

  • MD5

    294ee21987baf518bc1852c1ec91ec69

  • SHA1

    bacd41947a762a650c26dffeb8c3e7988b9d24e9

  • SHA256

    e44be8a85ca7a0fd6012d4374d9c5039c290034cea54e6e33cecc5efd6301599

  • SHA512

    a9901aa7b8712d92f5ec63a3239c527638831a7c0c74b21c4e86983193b504f6957c968ac3bc5f6d0bca0cac156b95dbb2e54ec53ee3c128e34b9f731c6a32f0

  • SSDEEP

    1572864:dtDrpm8DLMpTAOZp9kKzHzpoxQEB0Jj0iwMDcjgbMc7v3/+m7yA:Ppm8DLyZpftbh0iwMDc8b77+m7yA

Score
10/10
epsiloncredential_accessdiscoverypersistenceprivilege_escalationspywarestealer

Malware Config

Targets

    • Target

      e44be8a85ca7a0fd6012d4374d9c5039c290034cea54e6e33cecc5efd6301599.exe

    • Size

      63.2MB

    • MD5

      294ee21987baf518bc1852c1ec91ec69

    • SHA1

      bacd41947a762a650c26dffeb8c3e7988b9d24e9

    • SHA256

      e44be8a85ca7a0fd6012d4374d9c5039c290034cea54e6e33cecc5efd6301599

    • SHA512

      a9901aa7b8712d92f5ec63a3239c527638831a7c0c74b21c4e86983193b504f6957c968ac3bc5f6d0bca0cac156b95dbb2e54ec53ee3c128e34b9f731c6a32f0

    • SSDEEP

      1572864:dtDrpm8DLMpTAOZp9kKzHzpoxQEB0Jj0iwMDcjgbMc7v3/+m7yA:Ppm8DLyZpftbh0iwMDc8b77+m7yA

    Score
    10/10
    epsiloncredential_accessdiscoverypersistenceprivilege_escalationspywarestealer

    • Epsilon Stealer

      Information stealer.

      stealerepsilon

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Modify Registry

1
T1112

Subvert Trust Controls

1
T1553

Install Root Certificate

1
T1553.004

Credential Access

Credentials from Password Stores

1
T1555

Credentials from Web Browsers

1
T1555.003

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Process Discovery

1
T1057

Query Registry

1
T1012

System Information Discovery

3
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

System Network Configuration Discovery

1
T1016

Wi-Fi Discovery

1
T1016.002

Lateral Movement

Collection

Data from Local System

1
T1005

Command and Control

Exfiltration

Impact

Tasks