empyrean | 5069e66738c7fd5832bd14f86ea21aa4399e54c3d793ac2dce3b6f184705274c

General

Target

cheatsetc.zip
Size

53.2MB
Sample

250104-1jj4ysymcv
MD5

03184511ac166c596290faee66041016
SHA1

4f66c718784c9751a9b8062fc2d4cfb54a6de632
SHA256

5069e66738c7fd5832bd14f86ea21aa4399e54c3d793ac2dce3b6f184705274c
SHA512

afc89389d6592fd048dc3fd495ef91c6f43ddaa2c797758ae882b62b4bf095e41d119182b765918016ef4d574fb485c93dda39607852a51076bdd830b89ac33b
SSDEEP

1572864:JfdHCU/62uyoLfdHCU/62uyo3fdHCU/62uyob:fiJLviJLfiJLl

Score

10^/10

Malware Config

Targets

- Target
  
  dist/FN CHEATS.exe
- Size
  
  17.9MB
- MD5
  
  25fd2ddac0eb786a841910301892c958
- SHA1
  
  28f9dbb38f4ffaad3924c281287c123fce312a84
- SHA256
  
  a26d602aba374f73249aa6c57f565085bccb5e8fe0cc24800efc8805e283756a
- SHA512
  
  e78c04a0fe289a9c56e4426ce30bbb3eafcf6ef4e82d95cba64867d07b7e03d7ea6a23080c54dd17292937367a29669957f657d540519ba315d4ad27a59590ff
- SSDEEP
  
  393216:kqPnLFXlrkQPDOETgsvfGw0gpqgw4hTH1SvEIFC9A6hB2q:FPLFXNkQ6Ef0lFUttS6T
Score

7^/10

upx discovery persistence spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  dist/skin changer.exe
- Size
  
  17.9MB
- MD5
  
  25fd2ddac0eb786a841910301892c958
- SHA1
  
  28f9dbb38f4ffaad3924c281287c123fce312a84
- SHA256
  
  a26d602aba374f73249aa6c57f565085bccb5e8fe0cc24800efc8805e283756a
- SHA512
  
  e78c04a0fe289a9c56e4426ce30bbb3eafcf6ef4e82d95cba64867d07b7e03d7ea6a23080c54dd17292937367a29669957f657d540519ba315d4ad27a59590ff
- SSDEEP
  
  393216:kqPnLFXlrkQPDOETgsvfGw0gpqgw4hTH1SvEIFC9A6hB2q:FPLFXNkQ6Ef0lFUttS6T
Score

7^/10

upx discovery persistence spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral3 behavioral4
- Target
  
  dist/spoofer.exe
- Size
  
  17.9MB
- MD5
  
  25fd2ddac0eb786a841910301892c958
- SHA1
  
  28f9dbb38f4ffaad3924c281287c123fce312a84
- SHA256
  
  a26d602aba374f73249aa6c57f565085bccb5e8fe0cc24800efc8805e283756a
- SHA512
  
  e78c04a0fe289a9c56e4426ce30bbb3eafcf6ef4e82d95cba64867d07b7e03d7ea6a23080c54dd17292937367a29669957f657d540519ba315d4ad27a59590ff
- SSDEEP
  
  393216:kqPnLFXlrkQPDOETgsvfGw0gpqgw4hTH1SvEIFC9A6hB2q:FPLFXNkQ6Ef0lFUttS6T
Score

7^/10

upx discovery persistence spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral5 behavioral6