MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c1a9a7bb485638c82e5c97fd21576e1d915a9077e03a44ab59c10a4a2267738f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


EpsilonStealer


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c1a9a7bb485638c82e5c97fd21576e1d915a9077e03a44ab59c10a4a2267738f
SHA3-384 hash: 2e1195584a1617459945ea0eaeb97542aa3e84ce048efc63157b9c77983b432b92382a8487c7f995b4851136d88e1c3f
SHA1 hash: b3a840454f20641ba5281a86c36b855ada169cb5
MD5 hash: 197ab5f0f6c1dbe3f9797f6cf8d41040
humanhash: nevada-butter-bluebird-idaho
File name:SecuriteInfo.com.Trojan-PSW.Win32.Stealer.bwzr.21715.22694
Download: download sample
Signature EpsilonStealer
Create hunting rule
File size:65'476'254 bytes
First seen:2023-12-26 19:20:49 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash b34f154ec913d2d2c435cbd644e91687 (527 x GuLoader, 110 x RemcosRAT, 80 x EpsilonStealer)
ssdeep 786432:7avhX/O6oskdOMcN5i1gnHOgCcqcKLdpymtNMk7DcpZpiJRy2RIFjUZlQiRX3cQ2:Wm6TDMcNY1MHPMNMLpZyIdiBcQ60Ejz
Threatray 57 similar samples on MalwareBazaar
TLSH T17EE73368FE098687C8C49577696F6FD870003393F308EEE70B3AD7559A2227D16846BD
TrID 37.3% (.EXE) Win64 Executable (generic) (10523/12/4)
17.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
16.0% (.EXE) Win32 Executable (generic) (4505/5/1)
7.3% (.ICL) Windows Icons Library (generic) (2059/9)
7.2% (.EXE) OS/2 Executable (generic) (2029/13)
File icon (PE):PE icon
dhash icon 100c3232b2b24c30 (38 x EpsilonStealer)
Reporter SecuriteInfoCom
Tags:EpsilonStealer exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
333
Origin country :
FR FR
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Creating a file in the %temp% subdirectories
Сreating synchronization primitives
Creating a process from a recently created file
Creating a window
Creating a file
DNS request
Searching for synchronization primitives
Unauthorized injection to a recently created process
Creating a file in the %AppData% subdirectories
Moving a file to the %AppData% subdirectory
Changing a file
Sending a custom TCP request
Deleting a recently created file
Running batch commands
Creating a process with a hidden window
Launching a process
Launching the process to change network settings
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
control installer lolbin overlay packed shell32
Link:
https://www.filescan.io/uploads/658b27a27d4bdb7f8bfddb66/reports/d0f89fb4-1f13-4b5a-a808-a777183bb59c/overview
Verdict:
Malicious
Labled as:
Trojan.Generic
Link:
https://www.hybrid-analysis.com/sample/c1a9a7bb485638c82e5c97fd21576e1d915a9077e03a44ab59c10a4a2267738f
Result
Verdict:
MALICIOUS
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/1367124
Signature
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Score:
97%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/c1a9a7bb485638c82e5c97fd21576e1d915a9077e03a44ab59c10a4a2267738f
Gathering data
Threat name:
Win32.Trojan.ScarletFlash
Create hunting rule
Status:
Malicious
First seen:
2023-12-24 19:08:00 UTC
File Type:
PE (Exe)
Extracted files:
138
AV detection:
7 of 37 (18.92%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ygu2po2iky4mqls4s76scv3odwivvedx4a5ejk2zyefeuithoohq._file
Verdict:
unknown
Similar samples:
232217425086463586fa617f55e66928e1bfc536e3d4b520c60bc79b4226248d
EpsilonStealer
3ff7c0caa6bdf36ef8da7d9fddd8ac754ba400f5e82cca7a4e678306cb42dcb4
EpsilonStealer
449a202893e77d929c180d920bc6c8ef1c42ca69a329263777cf2cfcd7933eca
EpsilonStealer
5b0d0d6d01b25c6c7af20da0a3c5256ffd61d439c19dd1a22b1b9b67882b3cd0
EpsilonStealer
9e8143951a098ea6ce5959d1b8c24af47e272af8f5e9843bfc98fef84899f2b7
EpsilonStealer
b70d0cd496727f94dcc63127c8539d38bfd97e636ab5f460d675efa46aa8d24f
EpsilonStealer
b8161306c78382936b6992ab10fd7e0f800cd62d348c8c4e179141319e64d69b
EpsilonStealer
c19aa929d70c164a8b43d20e1ccabb9e9d3ad2387138d3bfb12ef7201fd412cf
EpsilonStealer
d8afe991468eff73fa1c6cc6b166fb2652db4473a07f91ed2295d05923b01277
EpsilonStealer
+ 47 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/231226-x2ny3sdhek/
Behaviour
Detects videocard installed
Enumerates processes with tasklist
Suspicious use of AdjustPrivilegeToken
Enumerates physical storage devices
Looks up external IP address via web service
Loads dropped DLL
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

EpsilonStealer

Executable exe c1a9a7bb485638c82e5c97fd21576e1d915a9077e03a44ab59c10a4a2267738f

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2744154/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2744529/
  
URLhaus
https://urlhaus.abuse.ch/url/2744742/

Comments