empyrean | 54edef46961ae22933beca4f7b16f30463be80d009ddd91abdc2845fe7fcb450 | Triage

Submit
Reports

Overview

overview

Static

static

sensenzon/...on.exe

windows10-2004-x64

7

Sharing

General

Target

sensenzon (1).zip
Size

17.8MB
Sample

241118-c2hf3s1mdp
MD5

3432459ad15d5b338ded7fffb26da0f6
SHA1

9ff84d0fa6d10ce78e9f43bc139cb18214be34df
SHA256

54edef46961ae22933beca4f7b16f30463be80d009ddd91abdc2845fe7fcb450
SHA512

f55883c69980a94c54e800b540493346317ed05e200651df99126493da45d1d27487c3a72f5a92fe65e2858fee0d44552ef84cb12bbb119aadb8631e31a2b1ce
SSDEEP

393216:/l1P/nQe8Fj8rbvx2IhLADP6+p32mzNHKUv5Vf3XwzVUVg:/nnnsd83xjhUTNHKUhZXsEg

Score

10^/10

empyrean discovery persistence pyinstaller spyware stealer upx

Static task

static1

pyinstaller empyrean

4 signatures

Behavioral task

behavioral1

Sample

sensenzon/sensenzon.exe

Resource

win10v2004-20241007-en

discovery persistence spyware stealer upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  sensenzon/sensenzon.exe
- Size
  
  17.9MB
- MD5
  
  9f7e01ba6a262816632dcdda6701242f
- SHA1
  
  0cac237457f4cd23ecf13ec8ee56ee1aa74cd206
- SHA256
  
  507ef6e01eda552b2d2cee1523bc30165e59b7228115ef102639ec4b644b0f1f
- SHA512
  
  fcefe4b78eeabe72039520d7a3e75a640f23f2e5ee5042a0d72b329d333af6a8532c4320b2640ba9480556259779f9d2ad1ec3c4c2db6c3aec5ce8893032d1b1
- SSDEEP
  
  393216:UqPnLFXlrsQMDOETgsvfGtgcQ2kvEjFFKwPNKtq:1PLFXNsQREIxXdzKwcY
Score

7^/10

discovery persistence spyware stealer upx
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

System Network Configuration Discovery

Wi-Fi Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

pyinstallerempyrean

behavioral1

discoverypersistencespywarestealerupx

© 2018-2024

Terms | Privacy