epsilon | 1bdfcdbf076c996abd6f783703249689192036db3e22ecf201db3b12eb5f630d | Triage

Resubmissions

28-07-2024 11:28

240728-nk7kesygkb 10

29-08-2022 17:09

220829-vn594adeg7 10

Sharing

General

Target

StarshipJourney.exe
Size

60.5MB
Sample

240728-nk7kesygkb
MD5

77d597618c310dcddb4395797ab2b861
SHA1

26b4be4a925abc3041b0b7cc9734ddd8e95e72aa
SHA256

1bdfcdbf076c996abd6f783703249689192036db3e22ecf201db3b12eb5f630d
SHA512

61b61023a1be0a8d29d94117aba6c434529d2e176dfc67faac1fd27b5f6acd80306eae1bd5c49b4c609de849e5886458e609e770db87d8ca1733ea2f247e3ea5
SSDEEP

1572864:ktveQPDxlD1NnJFYfABrBDgYwNo5bwABEUGpU6G7:klDbxlBNJq4rBDgYwNSbwASHA7

Score

10^/10

epsilon credential_access discovery spyware stealer

Malware Config

Targets

- Target
  
  StarshipJourney.exe
- Size
  
  60.5MB
- MD5
  
  77d597618c310dcddb4395797ab2b861
- SHA1
  
  26b4be4a925abc3041b0b7cc9734ddd8e95e72aa
- SHA256
  
  1bdfcdbf076c996abd6f783703249689192036db3e22ecf201db3b12eb5f630d
- SHA512
  
  61b61023a1be0a8d29d94117aba6c434529d2e176dfc67faac1fd27b5f6acd80306eae1bd5c49b4c609de849e5886458e609e770db87d8ca1733ea2f247e3ea5
- SSDEEP
  
  1572864:ktveQPDxlD1NnJFYfABrBDgYwNo5bwABEUGpU6G7:klDbxlBNJq4rBDgYwNSbwASHA7
Score

10^/10

epsilon credential_access discovery spyware stealer
- Detects EpsilonStealer ASAR
- Epsilon Stealer
  Information stealer.
  stealer epsilon
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

epsiloncredential_accessdiscoveryspywarestealer

behavioral2

epsiloncredential_accessdiscoveryspywarestealer

behavioral3

epsiloncredential_accessdiscoveryspywarestealer

behavioral4

epsiloncredential_accessdiscoveryspywarestealer