Overview
Static analysis plus 22 behavioral tasks, one per file in the archive, all run on windows11-21h2-x64. Per-file scores and signatures are listed under Targets below.
General
Target: empyrean-grabber-fixed-main.zip
Size: 441KB
Sample: 250209-qsa8assmck
MD5: dadb2128ac93837c1facb441aeddb129
SHA1: 2ad3a9be892565ebed4a6d96bf94051b66a953a1
SHA256: 838b27b272e687aa997515c0aa7ef5c3081643e51f03a4437191f81c39cbdfcd
SHA512: 3e8f96996a2ecbbfc0d49b49857cf88451d07e067f6fb7925f128f5974f8d5f4e7a79cbf858e9e0359c7d848c9f8fb95352da302b3ab80a5ed95456e6bd60c0a
SSDEEP: 6144:yJajO9Iql1HukH5GUMUdWAqvz4VzSYFdQGTB3JEs/hkmOeHtJeQWSE5Pj7glA5Ca:ywjcHl1O2GbzYQq9eoezSEel52fsNkh
Behavioral tasks (all run on resource win11-20250207-en)
behavioral1: empyrean-grabber-fixed-main.zip
behavioral2: empyrean-grabber-fixed-main/CONTRIBUTING.md
behavioral3: empyrean-grabber-fixed-main/LICENSE.md
behavioral4: empyrean-grabber-fixed-main/README.md
behavioral5: empyrean-grabber-fixed-main/build.exe
behavioral6: empyrean-grabber-fixed-main/img/banner.png
behavioral7: empyrean-grabber-fixed-main/img/bu0.png
behavioral8: empyrean-grabber-fixed-main/img/em0.png
behavioral9: empyrean-grabber-fixed-main/img/em1.png
behavioral10: empyrean-grabber-fixed-main/img/em2.png
behavioral11: empyrean-grabber-fixed-main/img/em3.png
behavioral12: empyrean-grabber-fixed-main/img/footer.png
behavioral13: empyrean-grabber-fixed-main/install_python.bat
behavioral14: empyrean-grabber-fixed-main/interferences.txt
behavioral15: empyrean-grabber-fixed-main/src/components/antidebug.py
behavioral16: empyrean-grabber-fixed-main/src/components/browsers.py
behavioral17: empyrean-grabber-fixed-main/src/components/discordtoken.py
behavioral18: empyrean-grabber-fixed-main/src/components/injection.py
behavioral19: empyrean-grabber-fixed-main/src/components/startup.py
behavioral20: empyrean-grabber-fixed-main/src/components/systeminfo.py
behavioral21: empyrean-grabber-fixed-main/src/config.py
behavioral22: empyrean-grabber-fixed-main/src/main.py
Malware Config
Extracted family: xworm
C2: links-recovered.at.ply.gg:32508
XSLvYVsJZs3bsiZr (additional extracted config value, not labeled in the report)
install_file: USB.exe
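The extracted configuration gives two host-level indicators worth checking on any machine that ran build.exe: the C2 hostname and the C2 port. The following PowerShell snippet is an added example, not part of the sandbox report; it looks for the indicator in the local DNS client cache and in live TCP connections, and optionally resolves the name so the address can be blocked at the perimeter. The indicator values are taken from the report; everything else (function name, output shape) is this example's own choice. Run the resolution step only from an isolated host, since it sends a DNS query for the attacker's domain.

```powershell
# Added hunting snippet (not part of the sandbox report): check a host for the
# XWorm C2 indicator extracted above. Indicator values come from the report;
# the cmdlets are standard Windows PowerShell 5.1+ (DnsClient / NetTCPIP modules).
$C2Host = 'links-recovered.at.ply.gg'
$C2Port = 32508

function Find-C2Indicators {
    param([string]$HostName, [int]$Port, [switch]$Resolve)
    $hits = @()

    # 1. DNS client cache: has this machine resolved the C2 name recently?
    Get-DnsClientCache -ErrorAction SilentlyContinue |
        Where-Object { $_.Entry -like "*$HostName*" -or $_.Name -like "*$HostName*" } |
        ForEach-Object {
            $hits += [pscustomobject]@{ Kind = 'DnsCache'; Detail = "$($_.Entry) -> $($_.Data)" }
        }

    # 2. Live TCP sockets to the C2 port, mapped to the owning process.
    Get-NetTCPConnection -RemotePort $Port -ErrorAction SilentlyContinue |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            $hits += [pscustomobject]@{
                Kind   = 'TcpConnection'
                Detail = "$($_.RemoteAddress):$($_.RemotePort) state=$($_.State) pid=$($_.OwningProcess) ($($proc.ProcessName))"
            }
        }

    # 3. Optional: resolve the name now (leaks a query to the attacker's DNS; isolated hosts only).
    if ($Resolve) {
        try {
            Resolve-DnsName -Name $HostName -ErrorAction Stop |
                Where-Object { $_.IPAddress } |
                ForEach-Object { $hits += [pscustomobject]@{ Kind = 'Resolves'; Detail = $_.IPAddress } }
        } catch {
            $hits += [pscustomobject]@{ Kind = 'Resolves'; Detail = "no answer: $($_.Exception.Message)" }
        }
    }
    return $hits
}

# Default run: passive checks only. Add -Resolve on an isolated analysis host.
Find-C2Indicators -HostName $C2Host -Port $C2Port | Format-Table -AutoSize
```

An empty result is not a clean bill of health: the DNS cache is short-lived and the implant may not be connected at the moment of the check, so pair this with the persistence checks under the install_python.bat target below and with proxy or DNS logs that cover the time window of the execution.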
Targets

Target: empyrean-grabber-fixed-main.zip
Size: 441KB
MD5: dadb2128ac93837c1facb441aeddb129
SHA1: 2ad3a9be892565ebed4a6d96bf94051b66a953a1
SHA256: 838b27b272e687aa997515c0aa7ef5c3081643e51f03a4437191f81c39cbdfcd
SHA512: 3e8f96996a2ecbbfc0d49b49857cf88451d07e067f6fb7925f128f5974f8d5f4e7a79cbf858e9e0359c7d848c9f8fb95352da302b3ab80a5ed95456e6bd60c0a
SSDEEP: 6144:yJajO9Iql1HukH5GUMUdWAqvz4VzSYFdQGTB3JEs/hkmOeHtJeQWSE5Pj7glA5Ca:ywjcHl1O2GbzYQq9eoezSEel52fsNkh
Score: 3/10

Target: empyrean-grabber-fixed-main/CONTRIBUTING.md
Size: 1KB
MD5: e0e6d0734274226c6fa4df1a423c65f1
SHA1: 7c85b84c00fad6e92dd45d560532cb04101584d0
SHA256: 4e8836498c51c5afb831b600289318102088a8418b60550af9c0763de85e2b3f
SHA512: eb9dd9fb4b089a0665378a49172b013613ec7db3eea9c2f5ea0832579194cc405f2432e307ffb4edf6f7f0bd46e5962044161deb7bba994d35bd882bb7860dd6
Score: 8/10
Signatures:
- Downloads MZ/PE file

Target: empyrean-grabber-fixed-main/LICENSE.md
Size: 1KB
MD5: 258fbe6a6a66d92f8aef944eeaa547df
SHA1: a57aa2dace7a2e9e4f997a11cd5cde2a51284218
SHA256: 1e5a9cd584cf92ffdc1b1143804fce7104ad5c5eb71f0bbb1d58452286a1e1a4
SHA512: a491cd4295e1d1209b2babd1da276233df4718f490f0d99f8e4a2ae6c5c7ef0db707e47bfb997a72d7872cfcc54cb9407998444401bdecabef8127b9caf92f88
Score: 8/10
Signatures:
- Downloads MZ/PE file

Target: empyrean-grabber-fixed-main/README.md
Size: 2KB
MD5: 3056bed32c92a2b9d28300b1b01e3738
SHA1: a4d4eda43f9a4e913b71d71c24a433b4c761d8bd
SHA256: 16621f9a5093da2bb9a6a123a3a9b6954e678d8800948abab896c720ca0db944
SHA512: da0ad408675b2473b3e1db82a3c22329b7a12dac2ee57ded245855883017b54dafe4d6ba9707315450ea0b25b010c7d7ac65926a28248b3e409fe11d486aabea
Score: 8/10
Signatures:
- Downloads MZ/PE file

Target: empyrean-grabber-fixed-main/build.exe
Size: 51KB
MD5: 79cd45fb4ce03b7262bfca18f71f76df
SHA1: 1cb7866b67768b8f15415cd33a4cbc1d284cb77e
SHA256: 495c535f89ad9319b97b59b52eb5d690315c202f9add743061dc53b4b583b610
SHA512: 370ff53c5f3648667c761c9d60f4f3ace99e2745b0253780c8dd0d87bca3c03e65c60f756bf8ea17a2f0790dbefa6ede6c0bcb7014f921cd51c945d53e4c8950
SSDEEP: 1536:fwFIJ7n5Yptm6YCLgJwu4NFD0T5YKAYjZHgbyJ:pJ9Yptm6YCLgau4NGTJAYjZHWg
Signatures:
- Detect Xworm Payload
- Xworm family
- Executes dropped EXE
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.

Target: empyrean-grabber-fixed-main/img/banner.png
Size: 56KB
MD5: 05bc1a72bba6d3a1e947889816bc5af9
SHA1: 5e79b6679d3879c712f6ffdd71c2765ac35657cc
SHA256: 3aeb09bf487d96bd5f273c66ba5eff9f38aab0caa91fd7d5b9c72e624ba8e45a
SHA512: 4bd44d6b3fd386c053cc3df48d9753224c66211c09a748c82760e53440084abf59d64a588e2606cff38dd6d722777f54fdd0329a34c5145b5304903da4560edc
SSDEEP: 1536:d4N6eeJvm56/WWvRUj6xXvqU9tw7o6666666666666666m:d4NXeJjtRUWRJ9tw866666666666666E
Score: 1/10

Target: empyrean-grabber-fixed-main/img/bu0.png
Size: 43KB
MD5: a88c941f498dbf0d05022cff06719cda
SHA1: 07bb675b8f1828134de837fe1ef457b4a8a89e3e
SHA256: 5f2f94e2206fd6516cde8b3068b31a248d2080a094cd1406a60efb70a7ece42c
SHA512: b07a06539e5bb58aefc0518cadf856a54a10607d2d5e810cb2b87f6e9722fffacbac06e31b249f2f4c34de22f0e6bd21000e6e9f2d79ccfbcec4214bb181ca71
SSDEEP: 768:RvYHt/p2E9rfhNwMaDTYgPSQXe8htfjDTXwoOD33gbzueCR4akozWV:mH9rrbiqQXJj+D3wbzS6akt
Score: 1/10

Target: empyrean-grabber-fixed-main/img/em0.png
Size: 48KB
MD5: 0f1bedcd0ae85f68fdb3e2d041bcea8a
SHA1: 553c7c1a933301790189bad120e4dd6f393ba768
SHA256: 4783a629fbbcc597aaea88afa8147aa285ee9273b1282e350753cf0cdc9a2ba3
SHA512: 85d3cda472591aa14669ba404837d0d7fa03e5b1e8ae877cf69eb4d903fba536528a058410e6d83aa1d32c461a57012b929092bada729ef820b2e4767d6fbde5
SSDEEP: 1536:VgssDNxJeaSA2U+WfPxLLzQbOl1biCVGWj:Ss4Nx5Sq+WRkbA1bikGWj
Score: 1/10

Target: empyrean-grabber-fixed-main/img/em1.png
Size: 73KB
MD5: d558a83af8c6913f87cb82cdb5c2ea0d
SHA1: e6d0e4f617273f902ca0a7398153519375816dd4
SHA256: f3bc44f23f86648c8a2c686a88d70f65f403945cf40a679439abb4b0ec5500e9
SHA512: c0cf2c07e6a479b61b8fb33884dca271c19ce8ceec5114df51074cf4a16179bbb86be9024ab29e7381d94a84f646ae1e168ff9c76dead9f0124f3bc45603e55f
SSDEEP: 1536:MIE9qnfrfc2F52Ii1tBk/vCxVzpSIUhTHXSXg5t4Jh2Rg9w:MIQqg2F0HKCGnhTHXSMtehEg9w
Score: 1/10

Target: empyrean-grabber-fixed-main/img/em2.png
Size: 99KB
MD5: 044128768f6dd149fee0dd0c9907bb45
SHA1: d5cdd34603c4484634de0579900d407fe8227dca
SHA256: 66299c0c3bd727b4a291449fd62e822fe72e61efc9ab9e187dd90805c664df58
SHA512: 909f4aa394df8603bc9284b28b540e8ef3c8d20b0f149a81f32a47cfde6be10686beb24e4df768fc3a366616b2b53b781e4d7dfe4fee65b70a2213fddd731cf8
SSDEEP: 1536:E3xhsHb9YbG6c+x0Nev04zCzq7sg4qlGyPJaFWx4REQdRm6dQAQbNwWi7Wn18NZ9:E3QHbQNF01qDl7PQRxR+O7WnqNZ/ICl
Score: 1/10

Target: empyrean-grabber-fixed-main/img/em3.png
Size: 54KB
MD5: 8350a5245117e54b3ba123e1e3140756
SHA1: 32dc8fdde2cc059c039262c28427ee61e8e5fd43
SHA256: bd1cf11afe2160405a36e2e7d4c4f2dafce9efe5ccb4dc96a7aadce6d6e5be80
SHA512: 44c82ce5df65cc84f78ce6eff8bbfd05431fa6be34dab2e8342d12bf554c8b4717c2a6f0d6aa71bfbae8ae587bf91361e2e07373f54f9760062c7535045c811e
SSDEEP: 768:do43ADEpUreId9rmOa45hB6wMimFxP19D6QnE049zIEn8Mval3jChiRlQ66x4m:uopUbfrmk5hZMisxPjmQnE0eBJazQ5N
Score: 1/10

Target: empyrean-grabber-fixed-main/img/footer.png
Size: 39KB
MD5: a7d50223d0dedc64c4722572beeddc1a
SHA1: d5826940d2afeac8da8deeec303d1418f8b9dd0e
SHA256: 372a5a48bc48ec8589372acfb90f930418b460577958d3af2a2912ecfaeaf405
SHA512: e4b48e9474b593c00a8881040c1fbbe5609e982ceb7e8063b5bf021637c6b63a9f7c73ea0e97ee365dfaac76afa96e20cdd8b198c3bf966bdb47db97331df564
SSDEEP: 768:mNJXmelU5mHSSHDtC/xgzzlQ/4F8PPgKFcFKth0O0/PXVJz6:delUo7j4Jpc8hMAh0O0HX7O
Score: 1/10

Target: empyrean-grabber-fixed-main/install_python.bat
Size: 686B
MD5: f30718a354e7cc104ea553ce5ae2d486
SHA1: 3876134e6b92da57a49d868013ed35b5d946f8fd
SHA256: 94008c8135d149fecd29ca62aded487f0fbfa6af893596ffc3e4b621a0fe4966
SHA512: 601b2256ea709a885741f1dec5c97dda6fb7fd4e485b4afac3503af1aefe73472e5bc5529c144814a3defbc0b51ac4b50e02a50dccc69b41ee5d87a3f4282874
Signatures:
- Blocklisted process makes network request
- Boot or Logon Autostart Execution: Active Setup. Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Downloads MZ/PE file
- Event Triggered Execution: Component Object Model Hijacking. Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
- Executes dropped EXE
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory
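The two persistence signatures above (Active Setup and COM hijacking) both live in the registry, so a host that ran install_python.bat can be triaged without a full forensic image. The following PowerShell snippet is an added example, not part of the sandbox report and not derived from the sample's own code: it enumerates Active Setup Installed Components (whose StubPath runs once per user at logon) and per-user CLSID registrations under HKCU\Software\Classes (which shadow the HKLM registration for that user, the COM hijacking primitive), and flags commands pointing at user-writable paths or script hosts. The "suspicious" heuristic and the function names are this example's own assumptions; the report names no specific key, CLSID or path, so none is hard-coded here.

```powershell
# Added hunting snippet (not from the sandbox report): enumerate the two registry
# persistence locations the report attributes to install_python.bat and flag
# entries whose launch command looks out of place. The path/host heuristic in
# Test-SuspiciousCommand is an assumption of this example, not a report finding.

function Get-ActiveSetupEntries {
    # Each subkey with a StubPath is executed once per user at next logon when
    # its Version is newer than the copy under HKCU\...\Installed Components.
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components'
    )
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        Get-ChildItem $root -ErrorAction SilentlyContinue | ForEach-Object {
            $p = Get-ItemProperty $_.PSPath -ErrorAction SilentlyContinue
            if ($p.StubPath) {
                [pscustomobject]@{
                    Source  = 'ActiveSetup'
                    Key     = $_.PSChildName
                    Command = [string]$p.StubPath
                    Extra   = "Version=$($p.Version)"
                }
            }
        }
    }
}

function Get-UserComOverrides {
    # A CLSID server registered under HKCU\Software\Classes wins over the HKLM
    # registration for that user, so a per-user InprocServer32/LocalServer32
    # that shadows an existing machine-wide CLSID is the classic hijack shape.
    $root = 'HKCU:\SOFTWARE\Classes\CLSID'
    if (-not (Test-Path $root)) { return }
    Get-ChildItem $root -ErrorAction SilentlyContinue | ForEach-Object {
        $clsid = $_.PSChildName
        foreach ($sub in 'InprocServer32', 'LocalServer32') {
            $userKey = Join-Path $_.PSPath $sub
            if (Test-Path $userKey) {
                $cmd = (Get-ItemProperty $userKey -ErrorAction SilentlyContinue).'(default)'
                $shadows = Test-Path "HKLM:\SOFTWARE\Classes\CLSID\$clsid\$sub"
                [pscustomobject]@{
                    Source  = "COM/$sub"
                    Key     = $clsid
                    Command = [string]$cmd
                    Extra   = "ShadowsHKLM=$shadows"
                }
            }
        }
    }
}

function Test-SuspiciousCommand {
    param([string]$Command)
    if ([string]::IsNullOrWhiteSpace($Command)) { return $false }
    $c = [Environment]::ExpandEnvironmentVariables($Command).ToLowerInvariant()
    # Assumption: launch commands rooted in user-writable directories, or going
    # through a script host / LOLBin, deserve a second look. Tune per estate.
    $userWritable = @('\appdata\', '\temp\', '\users\public\', '\programdata\', '\downloads\')
    $hosts = @('powershell', 'pwsh', 'cmd.exe', 'wscript', 'cscript', 'mshta', 'rundll32', 'regsvr32', 'python')
    foreach ($s in $userWritable) { if ($c.Contains($s)) { return $true } }
    foreach ($h in $hosts)        { if ($c.Contains($h)) { return $true } }
    return $false
}

$findings = @(Get-ActiveSetupEntries) + @(Get-UserComOverrides)
$findings |
    Select-Object Source, Key, Command, Extra,
        @{ n = 'Suspicious'; e = { Test-SuspiciousCommand $_.Command } } |
    Sort-Object Suspicious -Descending |
    Format-Table -AutoSize
```

Run it in the context of the user who executed the sample, since the COM override lives in that user's hive; for other profiles, load their NTUSER.DAT under HKU and point Get-UserComOverrides at that path. Legitimate software does register per-user CLSIDs, so treat ShadowsHKLM=True plus a user-writable path as the lead, not the verdict, and confirm against the dropped-file and System32 write events the report also lists.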

Target: empyrean-grabber-fixed-main/interferences.txt
Size: 8B
MD5: d6ab204cd21cea2d0eb1637abc03dbc7
SHA1: 609d42ec616209b93abe7b30f489ef38fa3d8221
SHA256: 4bbf9c18e7af9dbb15eaf6e7d2f35c992b599dfe9d6d957f5c4766c2a24f5d0e
SHA512: e906d63a828f5fbc70744d4c10603485335f1529ab9254edfee75b3b720518014714a7467c940316b760d3b3d5e4ac9c5907ba0b34905007d4d234cc3f0450af
Score: 3/10

Target: empyrean-grabber-fixed-main/src/components/antidebug.py
Size: 11KB
MD5: 26435fe69fcfe6322679c9df730cd0b0
SHA1: 95a305df9fae655cc4b34eb0d5cad8848a4c9100
SHA256: 101b5276bcaae253319cfc1f0f6b6a1688d9286c7852f8e12d00c698b2ae117c
SHA512: 26e7750c235cfc734d86502f85f1620c4698bde6e377a2264bddd3017bb8891110e49ead665b59330666d2dd4686c8e657fb080554905dbb9976c8846781c963
SSDEEP: 192:0PRZOKV83Gsn8ZBwh9JYmypzrKU8zrPsR0TtsBWaOJjd5vpV5M7/V/c:0ZTd+nJYJzrn+rgeeWaOJjd5vpVC6
Score: 8/10
Signatures:
- Downloads MZ/PE file

Target: empyrean-grabber-fixed-main/src/components/browsers.py
Size: 16KB
MD5: 1fa5ec2594e7dc5ba902baa17c26c396
SHA1: 9cc476e8f5068edde04fb74b8d553b9920bb7e22
SHA256: fcc7ce278bc39a6f36772e45ca5a9c52bc1457bbcb451587c8812fe090fe0e37
SHA512: 57ff299400b36ad38fb04728c6416c3b45decc88f6258a5df66bf6bd388575c7ccee5837e0903f44bfb90ff319a9bf6cee046ea316a8f50f365e9418e888b922
SSDEEP: 384:ljE+Bs45wvwmzwCN903g6YeNlO3+B73Rk:BE+SYrCN903g6PNlO3+B7K
Score: 3/10

Target: empyrean-grabber-fixed-main/src/components/discordtoken.py
Size: 17KB
MD5: c3d9cbff92171f3004bb29fc5c8e0d49
SHA1: 972e9a36b103a7c41a26d7f1817ffeeff8dbfb3c
SHA256: 18df4cedcec576281fa110f1597b8c300a6d8915fb34a05616b92ce00a1108ce
SHA512: 3ba2c6a271cec1b7988f39aa43358bb2fdcf7581dfbbca55adc568595995a1388b53a73279833fac747775304d6d58a98b02830082d164ead89cb1a23e3e7de2
SSDEEP: 384:ig9WPIDbhMUN7Qr4cq4cn6vPuk6ii34zSJPuE8q7rqLFBISJ:4Iz7C4F4o6XuVii34zSr8cr8vpJ
Score: 8/10
Signatures:
- Downloads MZ/PE file

Target: empyrean-grabber-fixed-main/src/components/injection.py
Size: 2KB
MD5: 1bfaa460966bb67499e24c44e2ae4f3f
SHA1: d79d21cd4518324d0c59fa6e183bc91df1c08433
SHA256: a9d1ad9132081e78a68e9bc71d315b74b4005f67e2667dc933db2be79e297e6c
SHA512: 6e1fe9f8a5359abb7409f5b6177908968d5714dabb6e647b7a63c88ae02f06d7c16acb13895d896688ca4558ee64f2f80f2b02ec37879bd5b4b4bd7b5c66221f
Score: 3/10

Target: empyrean-grabber-fixed-main/src/components/startup.py
Size: 1KB
MD5: d17d405ca05de43451c90ed876382851
SHA1: 5d79d59b7c7d84da78b16c3b11ccc329a85974c6
SHA256: e93db849ec64a2c100f7d07bb1267edb96177b4097573796213fe19623b85e57
SHA512: 7e2f8325cae28528d84fe1967ded6375d8b581d99a93d5b2dbae8f7a7af03c60cadacd21bd0d29771ccb0dc438e5aac30321f251db44124ab841f267a0ff887b
Score: 3/10

Target: empyrean-grabber-fixed-main/src/components/systeminfo.py
Size: 6KB
MD5: 2737cd3bd851c13c1c5c651e045e75d7
SHA1: 828797243a9051d1461abebb90e162bd192f2c8a
SHA256: 6689a267860ff5972229c33934af6356b4828b05ae214d2024f62bd113916a4a
SHA512: 01d7b0e9c77585e08516c2443797f77c45db861a23f38fccad80036fe3f3ba270add2946317ef5405c608c2f8628910cf38c511cc8d7e94987730e3fe8f71e10
SSDEEP: 96:o62a5Q8kjqXmBHyCOMLdpvlGa4sVV2iHxhwqf+zadcTP9eTnSIf:PQRy4Tka/T2UIzaaL9erj
Score: 3/10

Target: empyrean-grabber-fixed-main/src/config.py
Size: 197B
MD5: f9db0f9a37e5d0b737dd22c3a0473d6d
SHA1: 21b489d27337761e2dd5d6c50f4114ad73777800
SHA256: dc3606aa2b6342da0fe23a0a5859cf2f2be3d4bc0ec49f0dd4c79201db68c541
SHA512: 12b32a522d848c76b984182f9827d22aea2e7c282b0f03db7b5d78e121157de6b67ee0e6031a44067c59efa146f1d5515514f9e27232778a56720582b7ec7d1d
Score: 3/10

Target: empyrean-grabber-fixed-main/src/main.py
Size: 848B
MD5: c7e2a6f36eead941802e707eb246da84
SHA1: 4406272e8c7a9b8cb5684373c43f3368b2cb44dd
SHA256: eff558ffa171814712d1605c72fe8eba833f1682ef7efc8285dcf5303f4c5f41
SHA512: a6191c28c66c9c33d7bf070b36b5cb6ace45e06593cf4368cfd60e10a28bc846100be7efa025e1e12f5b4c3e0217ae5ec185142d1a4ea5db7aa1a5d585afdbeb
Score: 3/10
MITRE ATT&CK Enterprise v15 (count of matching signatures in parentheses)
Persistence
- Boot or Logon Autostart Execution (1): Active Setup (1), Browser Extensions (1)
- Event Triggered Execution (1): Component Object Model Hijacking (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1): Active Setup (1)
- Event Triggered Execution (1): Component Object Model Hijacking (1)