empyrean | 05df54a431ac458c349a2a379fda8816adb260780abf1054dd8cd501ee32d83a | Triage

Submit
Reports

Overview

overview

Static

static

Black bull...on.exe

windows7-x64

7

Black bull...on.exe

windows10-2004-x64

7

Sharing

General

Target

Black bullet cracked (python version.exe
Size

17.8MB
Sample

240701-paqdtstgkq
MD5

dcaa56741e6f842576d96d1a158e9c2e
SHA1

e69d1e8efdf2da43206cf01240300b92c67c3c7a
SHA256

05df54a431ac458c349a2a379fda8816adb260780abf1054dd8cd501ee32d83a
SHA512

bc67f88c1e86a1d9d2826be23da4b8403bb0dcec1033c408bf23b659d1cd41a1fd6142ffeca64eae3900d108ded2803bf8efe1572727d0eaaa6e81de6ff8b4f7
SSDEEP

393216:LqPnLFXlrPmQ8DOETgsvfGFQgvCYDvE5niu6ppq:ePLFXNOQhEdmCjUuJ

Score

10^/10

empyrean persistence privilege_escalation pyinstaller spyware stealer upx

Static task

static1

pyinstaller empyrean

4 signatures

Behavioral task

behavioral1

Sample

Black bullet cracked (python version.exe

Resource

win7-20240508-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

Black bullet cracked (python version.exe

Resource

win10v2004-20240508-en

persistence privilege_escalation spyware stealer upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  Black bullet cracked (python version.exe
- Size
  
  17.8MB
- MD5
  
  dcaa56741e6f842576d96d1a158e9c2e
- SHA1
  
  e69d1e8efdf2da43206cf01240300b92c67c3c7a
- SHA256
  
  05df54a431ac458c349a2a379fda8816adb260780abf1054dd8cd501ee32d83a
- SHA512
  
  bc67f88c1e86a1d9d2826be23da4b8403bb0dcec1033c408bf23b659d1cd41a1fd6142ffeca64eae3900d108ded2803bf8efe1572727d0eaaa6e81de6ff8b4f7
- SSDEEP
  
  393216:LqPnLFXlrPmQ8DOETgsvfGFQgvCYDvE5niu6ppq:ePLFXNOQhEdmCjUuJ
Score

7^/10

upx persistence privilege_escalation spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

pyinstallerempyrean

behavioral1

behavioral2

persistenceprivilege_escalationspywarestealerupx

© 2018-2024

Terms | Privacy