echelon | 861878b319e66fd632f7d7623f0b56028f18d1e315680a15fc161a451ac9c788 | Triage

Submit
Reports

Overview

overview

Static

static

DataSteale..._2.exe

windows7_x64

DataSteale..._2.exe

windows10_x64

Sharing

General

Target

DataStealer from 1_2
Size

1.2MB
Sample

200717-t4z5zfvwwe
MD5

7dba2e8ecbad5b33646e03a4af78967a
SHA1

f538fe80f76330e7d548e4f9b5171a56116d8e5e
SHA256

861878b319e66fd632f7d7623f0b56028f18d1e315680a15fc161a451ac9c788
SHA512

b6a5e07b0227a6acecfba1917de66099e42c69632333e49f75b4c8d8191cb268bea4c751be2afd763089ea205083a35cf6c2b8c15de02e3564a842d5c3d8d1c6

Score

10^/10

echelon discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

DataStealer from 1_2.exe

Resource

win7

spyware discovery stealer echelon

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

DataStealer from 1_2.exe

Resource

win10v200430

discovery stealer spyware echelon

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  DataStealer from 1_2
- Size
  
  1.2MB
- MD5
  
  7dba2e8ecbad5b33646e03a4af78967a
- SHA1
  
  f538fe80f76330e7d548e4f9b5171a56116d8e5e
- SHA256
  
  861878b319e66fd632f7d7623f0b56028f18d1e315680a15fc161a451ac9c788
- SHA512
  
  b6a5e07b0227a6acecfba1917de66099e42c69632333e49f75b4c8d8191cb268bea4c751be2afd763089ea205083a35cf6c2b8c15de02e3564a842d5c3d8d1c6
Score

10^/10

spyware discovery stealer echelon
- Echelon
  Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.
  stealer spyware echelon
- Echelon log file
  Detects a log file produced by Echelon.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

spywarediscoverystealerechelon

behavioral2

discoverystealerspywareechelon

© 2018-2024

Terms | Privacy