empyrean | EmpyreanLoggerBuilder[.]zip | Triage

Sharing

General

Target

EmpyreanLoggerBuilder.zip
Size

589KB
MD5

1321ce347e487f88cd1f796dd749b0f0
SHA1

a31f3c28d9210a75d181452cfca4e4524f3300e2
SHA256

8b65d7656d0881a2727ea57981a5b851a6f06a3dbad1f44accbcbf9e0d21ba1b
SHA512

77d3b66251b61153aa5b71da40d27873b927cb5cced4a5e3c606bcf5fbd019e8689cec7e19dbe0c2e84fd2b9f7b0db2d41ebf227a00dcf11eee1b040e9ed3ff8
SSDEEP

12288:qr/hwXhMLOJxU9hTlp1OzvCZe35qPPKRl52EyEg4iK:O/huhmlPneR52xl4f

Score

10^/10

upx empyrean

Malware Config

Signatures

Detects Empyrean stealer 1 IoCs

resource	yara_rule
static1/unpack001/src/main.py	family_empyrean

Empyrean family
empyrean

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/Builder.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Builder.exe

Files

EmpyreanLoggerBuilder.zip
.zip
.editorconfig
.gitignore
.vscode/settings.json
Builder.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 197KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
img/banner.png
.png
img/bu0.png
.png
img/em0.png
.png
img/em1.png
.png
img/em2.png
.png
img/em3.png
.png
img/footer.png
.png
install_python.bat
.bat .ps1
interferences.txt
requirements.txt
src/components/antidebug.py
src/components/browsers.py
src/components/discordtoken.py
src/components/injection.py
src/components/startup.py
src/components/systeminfo.py
src/config.py
src/main.py