empyrean | Mw16 chair[.]exe

Resubmissions

02-01-2025 22:04

250102-1y3vlsxmbz 10

02-01-2025 17:10

250102-vp68sayqbw 10

02-01-2025 16:48

250102-vbc3sa1pdl 10

Sharing

Copy URL

Twitter E-mail

General

Target

Mw16 chair.exe
Size

38.6MB
MD5

29e6c7c04a6b3c941b0822fa2c5fa877
SHA1

b3a17c472737c60924ac16350299a64e33782005
SHA256

094808c3a439d8e8b8f26b1deb2a8f870ef2807d3af2efe8ef122d7f7defc9ad
SHA512

0748c9c072899f284f315bbe5416196919bbb2c82bbe6328931955347b31edd72b0d3e778b3447e090c639cc839472f9f269520fbce0f116d9bff3260bd3484d
SSDEEP

786432:BPclT+3fr3DPLFXNricwQhEfILwbTgpfePclT+3fr3L:oT+3fr3DLFdMQhEg8bgBT+3fr3L

Score

10^/10

pyinstaller empyrean

Malware Config

Signatures

Detects Empyrean stealer 1 IoCs

resource	yara_rule
static1/unpack001/main.pyc	family_empyrean

Empyrean family
empyrean

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
sample	pyinstaller

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Mw16 chair.exe

Files

Mw16 chair.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\GHAAWY\Desktop\stub\stub\obj\x86\Debug\stub.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 186KB - Virtual size: 185KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 109B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9.0MB - Virtual size: 9.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
main.pyc

Resubmissions

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 186KB - Virtual size: 185KB

.sdata Size: 512B - Virtual size: 109B

.rsrc Size: 9.0MB - Virtual size: 9.0MB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 186KB - Virtual size: 185KB

.sdata
Size: 512B - Virtual size: 109B

.rsrc
Size: 9.0MB - Virtual size: 9.0MB

.reloc
Size: 512B - Virtual size: 12B