empyrean | 8aed7a09c5f0403ceb54b83e17bb4b561adcca7c13892c8ee17e898ed985125e | Triage

Submit
Reports

Overview

overview

Static

static

main.exe

windows10-2004-x64

7

Resubmissions

30-06-2024 04:59

240630-fmnakaxdqm 10

30-06-2024 04:54

240630-fjkehaxdpn 10

Sharing

General

Target

main.exe
Size

18.5MB
Sample

240630-fjkehaxdpn
MD5

d5ff274a5b817aa4db659908f96e04ba
SHA1

2ff1d39e9516cf1b0bff128f6c7ec79168380499
SHA256

8aed7a09c5f0403ceb54b83e17bb4b561adcca7c13892c8ee17e898ed985125e
SHA512

9f13a2946da26b8cac5b73bb36c78ac14385ee7ad1465684e303008c58101aec2911132a66838f9901cd7aae7a63d9f5190483a7a4bf7047bf925eddefbba037
SSDEEP

393216:fqPnLFXlrPrQ8DOETgs77fGKgnUaQvElbas1WP2q:yPLFXNjQhE73CUaJlz1u

Score

10^/10

empyrean persistence privilege_escalation pyinstaller spyware stealer upx

Static task

static1

pyinstaller empyrean

4 signatures

Behavioral task

behavioral1

Sample

main.exe

Resource

win10v2004-20240611-en

persistence privilege_escalation spyware stealer upx

windows10-2004-x64

16 signatures

1200 seconds

Malware Config

Targets

- Target
  
  main.exe
- Size
  
  18.5MB
- MD5
  
  d5ff274a5b817aa4db659908f96e04ba
- SHA1
  
  2ff1d39e9516cf1b0bff128f6c7ec79168380499
- SHA256
  
  8aed7a09c5f0403ceb54b83e17bb4b561adcca7c13892c8ee17e898ed985125e
- SHA512
  
  9f13a2946da26b8cac5b73bb36c78ac14385ee7ad1465684e303008c58101aec2911132a66838f9901cd7aae7a63d9f5190483a7a4bf7047bf925eddefbba037
- SSDEEP
  
  393216:fqPnLFXlrPrQ8DOETgs77fGKgnUaQvElbas1WP2q:yPLFXNjQhE73CUaJlz1u
Score

7^/10

persistence privilege_escalation spyware stealer upx
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

pyinstallerempyrean

behavioral1

persistenceprivilege_escalationspywarestealerupx

© 2018-2024

Terms | Privacy