empyrean | 28514f796c87d65f3ec176d2573a4fc0d8fb3e456706a2bcaa7a15700a4b3e8f

General

Target

Nebula.exe
Size

17.7MB
Sample

250114-abhm2s1lhy
MD5

18e7be26e2d977a1329e85c94ea6b3ca
SHA1

288c79040a1d8f1cc969355529d653c623c25b8c
SHA256

28514f796c87d65f3ec176d2573a4fc0d8fb3e456706a2bcaa7a15700a4b3e8f
SHA512

deab6e1ea32ffb428e827120a78591560c79a604b2d34fc1f5bea639d317e0852a9846b06b6017999d9bb30c8452c4cb59680c8a40f24522d33f6e1db98400f1
SSDEEP

393216:WqPnLFXltZK9Qf8nAB3Q0GhgiRSSCvEuX3X/ZLx:7PLFXtK9Q0kAX7RSSb4XF

Score

10^/10

Malware Config

Targets

- Target
  
  Nebula.exe
- Size
  
  17.7MB
- MD5
  
  18e7be26e2d977a1329e85c94ea6b3ca
- SHA1
  
  288c79040a1d8f1cc969355529d653c623c25b8c
- SHA256
  
  28514f796c87d65f3ec176d2573a4fc0d8fb3e456706a2bcaa7a15700a4b3e8f
- SHA512
  
  deab6e1ea32ffb428e827120a78591560c79a604b2d34fc1f5bea639d317e0852a9846b06b6017999d9bb30c8452c4cb59680c8a40f24522d33f6e1db98400f1
- SSDEEP
  
  393216:WqPnLFXltZK9Qf8nAB3Q0GhgiRSSCvEuX3X/ZLx:7PLFXtK9Q0kAX7RSSb4XF
Score

7^/10

upx discovery persistence privilege_escalation spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  main.pyc
- Size
  
  7KB
- MD5
  
  049c4e144de12f3b11619abcfc37a6c4
- SHA1
  
  db57565c894171ca2a7e545f8a28c93e46c99e6e
- SHA256
  
  ed035e3265a52c31b2ac52ef61be695df25f71e9a9da19bc081415bd477ff5e8
- SHA512
  
  961deb6698a430f9f4e7c3a76d6aa084044c81680bf30c3f8d46ec6381c71dd187675991f84212a617282ad72c60d6292371450b5859fbde9db0c9940e0e78cb
- SSDEEP
  
  192:wkEmbZLPFD8bZWdXwFOnMAGJhwU4kBXpMdw2Knw:LVPIWuFp2ULpPlw
Score

3^/10
behavioral3 behavioral4