empyrean | faad3e4633b1ca87594253933ddac5b668ae81c8267172a3627779206286bc89 | Triage

Submit
Reports

Overview

overview

Static

static

Loader.exe

windows7-x64

7

Loader.exe

windows10-2004-x64

7

Sharing

General

Target

Loader.exe
Size

18.8MB
Sample

241027-x17d2asbkq
MD5

46418e5b2cc3e2ebace59357d6725a7f
SHA1

eb7bbedaee97b14b1c681b7b1350f85286e52e1f
SHA256

faad3e4633b1ca87594253933ddac5b668ae81c8267172a3627779206286bc89
SHA512

031c04165bb8233bf1e61858299b2935bfe9a0b4864f023dd7f3749637a23e1b13e347bf5c2b81c59d4c7781ec6bd00688989d4b8d191b06bd55800e4071d074
SSDEEP

393216:HeqPnLFXlryQMDOETgs77fGjgntADkZhvEJCNiLEdOq:HTPLFXNyQRE7wctADksMiG

Score

10^/10

empyrean discovery persistence privilege_escalation pyinstaller spyware stealer upx

Static task

static1

pyinstaller empyrean

4 signatures

Behavioral task

behavioral1

Sample

Loader.exe

Resource

win7-20240903-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

Loader.exe

Resource

win10v2004-20241007-en

discovery persistence privilege_escalation spyware stealer upx

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  Loader.exe
- Size
  
  18.8MB
- MD5
  
  46418e5b2cc3e2ebace59357d6725a7f
- SHA1
  
  eb7bbedaee97b14b1c681b7b1350f85286e52e1f
- SHA256
  
  faad3e4633b1ca87594253933ddac5b668ae81c8267172a3627779206286bc89
- SHA512
  
  031c04165bb8233bf1e61858299b2935bfe9a0b4864f023dd7f3749637a23e1b13e347bf5c2b81c59d4c7781ec6bd00688989d4b8d191b06bd55800e4071d074
- SSDEEP
  
  393216:HeqPnLFXlryQMDOETgs77fGjgntADkZhvEJCNiLEdOq:HTPLFXNyQRE7wctADksMiG
Score

7^/10

upx discovery persistence privilege_escalation spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

System Network Configuration Discovery

Wi-Fi Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

pyinstallerempyrean

behavioral1

behavioral2

discoverypersistenceprivilege_escalationspywarestealerupx

© 2018-2024

Terms | Privacy