General
-
Target
WindowsBootManager.exe
-
Size
60.6MB
-
Sample
240915-xnw3jaydpq
-
MD5
eb86fd461746ebda6b026b9d5154f821
-
SHA1
80b924a49aba14ceaf8db4b3c033c18d030f7fe0
-
SHA256
3a3e3f8bb3ea348375c6afad7f6f28a90040c178ac29b378b60e6798cbf8c3ac
-
SHA512
0418d5300bcd28e67723cd72c3dc0198b972dc722e19f6534d5ac3e18ba8dcfba04c2480e7f0fa9e21f0bad310891d1f6951826b4dcc0d4d21593a76dcdd1996
-
SSDEEP
1572864:OtvePCPUV3Yqj8Eu/cr+dzc166A2I2vokH4N7:OlaCcV9jiUr+1mgpN7
Malware Config
Targets
-
-
Target
WindowsBootManager.exe
-
Size
60.6MB
-
MD5
eb86fd461746ebda6b026b9d5154f821
-
SHA1
80b924a49aba14ceaf8db4b3c033c18d030f7fe0
-
SHA256
3a3e3f8bb3ea348375c6afad7f6f28a90040c178ac29b378b60e6798cbf8c3ac
-
SHA512
0418d5300bcd28e67723cd72c3dc0198b972dc722e19f6534d5ac3e18ba8dcfba04c2480e7f0fa9e21f0bad310891d1f6951826b4dcc0d4d21593a76dcdd1996
-
SSDEEP
1572864:OtvePCPUV3Yqj8Eu/cr+dzc166A2I2vokH4N7:OlaCcV9jiUr+1mgpN7
Score10/10-
Detects EpsilonStealer ASAR
-
Epsilon Stealer
Information stealer.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry
1Subvert Trust Controls
1Install Root Certificate
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1