empyrean | 790d43c808639301fe4de95ca81ff1e69a4350a34b105fa8ffd77e6bfada5cf8 | Triage

Submit
Reports

Overview

overview

Static

static

2025-04-03...om.exe

windows10-2004-x64

7

Sharing

General

Target

2025-04-03_f81aa7fc2335021e9add68f779857987_black-basta_cobalt-strike_satacom
Size

18.9MB
Sample

250403-lzs98svvd1
MD5

f81aa7fc2335021e9add68f779857987
SHA1

5c73d56ace46474fdf6a5ea0997fc348d9f591bc
SHA256

790d43c808639301fe4de95ca81ff1e69a4350a34b105fa8ffd77e6bfada5cf8
SHA512

887c9597ea50c407aa7450e1e0a4055b4d2a8d66e79f0dbb4a2e1c30ff7fbaad0e83c0dc6683de7fdff91eb1513ef507318ad224f2f23d079d9c6dac82b3c384
SSDEEP

393216:bqqPyX6DnfZaKBsRvKptDOlz3Tmnf4F5A4UygPHY2sxmJiEP8NNEAXLqQFzq:7PyXYhaKszjqAFsf+QstCqJ5q

Score

10^/10

empyrean discovery pyinstaller spyware stealer upx

Static task

static1

pyinstaller empyrean

4 signatures

Behavioral task

behavioral1

Sample

2025-04-03_f81aa7fc2335021e9add68f779857987_black-basta_cobalt-strike_satacom.exe

Resource

win10v2004-20250314-en

discovery spyware stealer upx

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  2025-04-03_f81aa7fc2335021e9add68f779857987_black-basta_cobalt-strike_satacom
- Size
  
  18.9MB
- MD5
  
  f81aa7fc2335021e9add68f779857987
- SHA1
  
  5c73d56ace46474fdf6a5ea0997fc348d9f591bc
- SHA256
  
  790d43c808639301fe4de95ca81ff1e69a4350a34b105fa8ffd77e6bfada5cf8
- SHA512
  
  887c9597ea50c407aa7450e1e0a4055b4d2a8d66e79f0dbb4a2e1c30ff7fbaad0e83c0dc6683de7fdff91eb1513ef507318ad224f2f23d079d9c6dac82b3c384
- SSDEEP
  
  393216:bqqPyX6DnfZaKBsRvKptDOlz3Tmnf4F5A4UygPHY2sxmJiEP8NNEAXLqQFzq:7PyXYhaKszjqAFsf+QstCqJ5q
Score

7^/10

discovery spyware stealer upx
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

pyinstallerempyrean

behavioral1

discoveryspywarestealerupx

© 2018-2025

Terms | Privacy