empyrean | 083372afae947734c8cb902c65bcf18d49d29e6c29f0ae10e3bfd960db7d787f

General

Target

Setup.exe
Size

17.8MB
Sample

250321-qata6aywhs
MD5

30ba022276e73bf21b3f097d9fd31b2f
SHA1

c95bd715bc4ebb167a049ddb661d2579f2177f35
SHA256

083372afae947734c8cb902c65bcf18d49d29e6c29f0ae10e3bfd960db7d787f
SHA512

084a198c653a0836aa0f1e36ca0afba6a6e2035d2be90c91c54ea5acb44b10efac5540a71dfadd68b2106fed16a70bba4e8936c45d275f43369fb797f3784a56
SSDEEP

393216:FqPnLFXlrkQ8DOETgsvfGFgmV3HUvE1O2n6b+q:8PLFXNkQhE07HNTnc

Score

10^/10

Malware Config

Targets

- Target
  
  Setup.exe
- Size
  
  17.8MB
- MD5
  
  30ba022276e73bf21b3f097d9fd31b2f
- SHA1
  
  c95bd715bc4ebb167a049ddb661d2579f2177f35
- SHA256
  
  083372afae947734c8cb902c65bcf18d49d29e6c29f0ae10e3bfd960db7d787f
- SHA512
  
  084a198c653a0836aa0f1e36ca0afba6a6e2035d2be90c91c54ea5acb44b10efac5540a71dfadd68b2106fed16a70bba4e8936c45d275f43369fb797f3784a56
- SSDEEP
  
  393216:FqPnLFXlrkQ8DOETgsvfGFgmV3HUvE1O2n6b+q:8PLFXNkQhE07HNTnc
Score

7^/10

discovery persistence privilege_escalation spyware stealer upx
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1
- Target
  
  main.pyc
- Size
  
  7KB
- MD5
  
  deb1e99bbd53227e4a14166783455678
- SHA1
  
  01bd7729caf6fca92cd60e3ea579227ca0593985
- SHA256
  
  491efa8dbbb52d7ce4329fd9cb119f0e3db8daad6b50fb7a1463f5d2e4411de4
- SHA512
  
  3092b63c3546d704958ef788b4cffb26c2ffc30340d5fca61ffe17eea62454e807c2883e765031ce2af74e90821207335ed400a4aef7a7a4f220656c559de838
- SSDEEP
  
  192:wm5lY45D85AJBgWdXwbnG00JhwHQvAMdw0b3Gnw:TlYlAoWuj22HQvAPu2w
Score

3^/10
behavioral2