empyrean | add7c0120951d2c7b0ccde90ac3590bd1e6749c9fb2f8b1662d4049bbef14880 | Triage

Submit
Reports

Overview

overview

Static

static

main.exe

windows7-x64

7

main.exe

windows10-2004-x64

8

main.pyc

windows7-x64

3

main.pyc

windows10-2004-x64

3

Resubmissions

29-06-2024 18:23

240629-w1fqmssgpb 10

29-06-2024 18:20

240629-wy9wpswcpj 10

29-06-2024 18:17

240629-ww1j9awckl 10

29-06-2024 18:06

240629-wpp5yasema 10

29-06-2024 17:59

240629-wk8fqawajp 10

Sharing

General

Target

main.exe
Size

19.5MB
Sample

240629-wk8fqawajp
MD5

d9d8f69e5c86b8d05aa4bdd5b0d3f468
SHA1

5553a5dce8d4d6fa8f54c018e57ef97bd75a4043
SHA256

add7c0120951d2c7b0ccde90ac3590bd1e6749c9fb2f8b1662d4049bbef14880
SHA512

738ffa0ee138433ea3a201f5095167a15b5ef6a592b80b13d9a7c48f12260d3366a8406deaa39af392c1267152f68fa734333870d8aaaacd2b7636b22b61667d
SSDEEP

393216:7u7L/1a/vUIYlDfDg8Qic65FMagxbyJ6ZjfyU3aEJ:7CLdaelb08Q9wMaMNfL3

Score

10^/10

empyrean discovery persistence pyinstaller

Static task

static1

pyinstaller empyrean

4 signatures

Behavioral task

behavioral1

Sample

main.exe

Resource

win7-20240611-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

main.exe

Resource

win10v2004-20240226-en

discovery persistence

windows10-2004-x64

22 signatures

150 seconds

Behavioral task

behavioral3

Sample

main.pyc

Resource

win7-20240611-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral4

Sample

main.pyc

Resource

win10v2004-20240508-en

windows10-2004-x64

3 signatures

150 seconds

Malware Config

Targets

- Target
  
  main.exe
- Size
  
  19.5MB
- MD5
  
  d9d8f69e5c86b8d05aa4bdd5b0d3f468
- SHA1
  
  5553a5dce8d4d6fa8f54c018e57ef97bd75a4043
- SHA256
  
  add7c0120951d2c7b0ccde90ac3590bd1e6749c9fb2f8b1662d4049bbef14880
- SHA512
  
  738ffa0ee138433ea3a201f5095167a15b5ef6a592b80b13d9a7c48f12260d3366a8406deaa39af392c1267152f68fa734333870d8aaaacd2b7636b22b61667d
- SSDEEP
  
  393216:7u7L/1a/vUIYlDfDg8Qic65FMagxbyJ6ZjfyU3aEJ:7CLdaelb08Q9wMaMNfL3
Score

8^/10

discovery persistence
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2
- Target
  
  main.pyc
- Size
  
  7KB
- MD5
  
  c7b4c30e9c1081b4443828340b3d6f26
- SHA1
  
  959fef1d660d007d1ac377b9da55bd962ead89e7
- SHA256
  
  08c619f4b016881e0aa5363b624230f0c873fafcf6acf5254ea76bdb82f34a8e
- SHA512
  
  69716d21fb8176987b4df569d979d20c4a98ef198b61445bf8bb1afe3464be7e59c06deb3d2ef68cca7f463319d56525a291fee2d44c4d5d7e6f0f22d3795738
- SSDEEP
  
  192:wyNwlSyD8AOc/WdXwryAuuPJhwvEaVIMdwamdYnw:dNwlSZyWu32syIPam2w
Score

3^/10
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

pyinstallerempyrean

behavioral1

behavioral2

discoverypersistence

behavioral3

behavioral4

© 2018-2024

Terms | Privacy