Overview

overview

10

Static

static

DataSteale..._2.exe

windows7_x64

10

DataSteale..._2.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    DataStealer from 1_2

  • Size

    1.2MB

  • Sample

    200717-t4z5zfvwwe

  • MD5

    7dba2e8ecbad5b33646e03a4af78967a

  • SHA1

    f538fe80f76330e7d548e4f9b5171a56116d8e5e

  • SHA256

    861878b319e66fd632f7d7623f0b56028f18d1e315680a15fc161a451ac9c788

  • SHA512

    b6a5e07b0227a6acecfba1917de66099e42c69632333e49f75b4c8d8191cb268bea4c751be2afd763089ea205083a35cf6c2b8c15de02e3564a842d5c3d8d1c6

Score
10/10
echelondiscoveryspywarestealer

Malware Config

Targets

    • Target

      DataStealer from 1_2

    • Size

      1.2MB

    • MD5

      7dba2e8ecbad5b33646e03a4af78967a

    • SHA1

      f538fe80f76330e7d548e4f9b5171a56116d8e5e

    • SHA256

      861878b319e66fd632f7d7623f0b56028f18d1e315680a15fc161a451ac9c788

    • SHA512

      b6a5e07b0227a6acecfba1917de66099e42c69632333e49f75b4c8d8191cb268bea4c751be2afd763089ea205083a35cf6c2b8c15de02e3564a842d5c3d8d1c6

    Score
    10/10
    spywarediscoverystealerechelon

    • Echelon

      Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.

      stealerspywareechelon

    • Echelon log file

      Detects a log file produced by Echelon.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks