empyrean | dbb853669067d2959ad752b38451de8ba607714a67c045f09da7adad00e5157c | Triage

Submit
Reports

Overview

overview

Static

static

000.exe

windows7-x64

7

000.exe

windows10-2004-x64

7

Sharing

General

Target

000.exe
Size

21.9MB
Sample

241130-vxjsfszkbt
MD5

299af1f7eb2b84ffcd7ab0e8f40c9c04
SHA1

7b709261e1efe4a5e5d2d2ddfb17f69ec7fd2bc4
SHA256

dbb853669067d2959ad752b38451de8ba607714a67c045f09da7adad00e5157c
SHA512

c83a6db9e1ecc3e74f5e037d51e1178e2d1388eae106e7b66836bd182c94899c8e544188043254a773bcf08b7d45c3d90764f9278c348733afc7130cc146aa1b
SSDEEP

393216:pqPnLFXlrV7mH1y2DOxQMDOETgsPfGEHgBkevE4LxIqVjFQJiRm:gPLFXNZmH1y2OQRExOkXkIqVjF6

Score

10^/10

empyrean discovery persistence privilege_escalation pyinstaller spyware stealer upx

Static task

static1

pyinstaller empyrean

4 signatures

Behavioral task

behavioral1

Sample

000.exe

Resource

win7-20240903-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

000.exe

Resource

win10v2004-20241007-en

discovery persistence privilege_escalation spyware stealer upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  000.exe
- Size
  
  21.9MB
- MD5
  
  299af1f7eb2b84ffcd7ab0e8f40c9c04
- SHA1
  
  7b709261e1efe4a5e5d2d2ddfb17f69ec7fd2bc4
- SHA256
  
  dbb853669067d2959ad752b38451de8ba607714a67c045f09da7adad00e5157c
- SHA512
  
  c83a6db9e1ecc3e74f5e037d51e1178e2d1388eae106e7b66836bd182c94899c8e544188043254a773bcf08b7d45c3d90764f9278c348733afc7130cc146aa1b
- SSDEEP
  
  393216:pqPnLFXlrV7mH1y2DOxQMDOETgsPfGEHgBkevE4LxIqVjFQJiRm:gPLFXNZmH1y2OQRExOkXkIqVjF6
Score

7^/10

upx discovery persistence privilege_escalation spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

System Network Configuration Discovery

Wi-Fi Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

pyinstallerempyrean

behavioral1

behavioral2

discoverypersistenceprivilege_escalationspywarestealerupx

© 2018-2024

Terms | Privacy