empyrean | 2bcdb11106378b488e97717de40cc05d2eef4c2b3df6adecf8daa8771ad64988 | Triage

Submit
Reports

Overview

overview

Static

static

main.exe

windows7-x64

7

main.exe

windows10-2004-x64

7

Sharing

General

Target

main.exe
Size

58.0MB
Sample

241002-1bawba1fnh
MD5

da151f3b7f812e244ea8531fc1a9b797
SHA1

f1d6afbf71d1dbe9877340ee0c4dfeb450bf0d37
SHA256

2bcdb11106378b488e97717de40cc05d2eef4c2b3df6adecf8daa8771ad64988
SHA512

9a52cf415824fccab919ea44c92bbbe4656f0a2a623ec5e7cf3ffdcdd15deca69b47308e755e260b3e439b4378202942219f0da4b30ae4f0b3389b0ba880481c
SSDEEP

1572864:BiFhyZZIl0B/Cip8weeQIB5eSKY47f++yBd7XM5nZ7vA:UhyZm4/Cip8cHXb4LTShc5nl

Score

10^/10

empyrean discovery persistence pyinstaller spyware stealer upx

Static task

static1

pyinstaller empyrean

4 signatures

Behavioral task

behavioral1

Sample

main.exe

Resource

win7-20240708-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

main.exe

Resource

win10v2004-20240802-en

discovery persistence spyware stealer upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  main.exe
- Size
  
  58.0MB
- MD5
  
  da151f3b7f812e244ea8531fc1a9b797
- SHA1
  
  f1d6afbf71d1dbe9877340ee0c4dfeb450bf0d37
- SHA256
  
  2bcdb11106378b488e97717de40cc05d2eef4c2b3df6adecf8daa8771ad64988
- SHA512
  
  9a52cf415824fccab919ea44c92bbbe4656f0a2a623ec5e7cf3ffdcdd15deca69b47308e755e260b3e439b4378202942219f0da4b30ae4f0b3389b0ba880481c
- SSDEEP
  
  1572864:BiFhyZZIl0B/Cip8weeQIB5eSKY47f++yBd7XM5nZ7vA:UhyZm4/Cip8cHXb4LTShc5nl
Score

7^/10

upx discovery persistence spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

System Network Configuration Discovery

Wi-Fi Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

pyinstallerempyrean

behavioral1

behavioral2

discoverypersistencespywarestealerupx

© 2018-2025

Terms | Privacy