General

  • Target

    FueledupSetup_x64.exe

  • Size

    62.1MB

  • Sample

    250307-rm6yfssky8

  • MD5

    28e47e5a951138aa8c48fdb54e8829b0

  • SHA1

    3030113d4fdae1f41b09e6c82379312aa29d6b1e

  • SHA256

    70aa928cfadf5216ee0edbfa44f34f55893eef92470924b2bd66892fd0fda9f8

  • SHA512

    47d2a5b7a23f8952fe9cd8755b635758fb77febfcd391f7b64eee59ca8ddfb43113c5019324c89098032e42f062f2333817ad14a2f1de67c0140e8924b89e37c

  • SSDEEP

    1572864:4m60grSMFqsvutH7QjRyigjXaXiymm4QOGfp3HlagPz:b60grSO+H7Qyi21QOGx3HlagPz

Targets

    • Target

      FueledupSetup_x64.exe

    • Size

      62.1MB

    • MD5

      28e47e5a951138aa8c48fdb54e8829b0

    • SHA1

      3030113d4fdae1f41b09e6c82379312aa29d6b1e

    • SHA256

      70aa928cfadf5216ee0edbfa44f34f55893eef92470924b2bd66892fd0fda9f8

    • SHA512

      47d2a5b7a23f8952fe9cd8755b635758fb77febfcd391f7b64eee59ca8ddfb43113c5019324c89098032e42f062f2333817ad14a2f1de67c0140e8924b89e37c

    • SSDEEP

      1572864:4m60grSMFqsvutH7QjRyigjXaXiymm4QOGfp3HlagPz:b60grSO+H7Qyi21QOGx3HlagPz

    • Epsilon Stealer

      Information stealer.

    • Epsilon family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      FueledupSetup_x64.exe

    • Size

      140.1MB

    • MD5

      036c8f1bf656b45b69be32a3bfd06205

    • SHA1

      202723e7c6fcc533aa4021ffa65c758d3d16d95a

    • SHA256

      1eb0dd24fabf40d1ba39fd1521313dc045f02af52c0e2aca919f7fda22531538

    • SHA512

      953974f262001d773144e53a896818ae1b6df933a9d422116f35b73431a2a35edd7d5d4e4b504b3e84303794e35fd61e111c95d7f72f4335afa9efe3d23b0e7d

    • SSDEEP

      1572864:o2Cm7gJKfVjsPawuFHNwczWTeMkF7ZEk8bCkKbj:PaodJFek8+k

    • Epsilon Stealer

      Information stealer.

    • Epsilon family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
