Analysis
-
max time kernel
53s -
max time network
54s -
platform
windows7_x64 -
resource
win7 -
submitted
27-08-2020 07:48
General
-
Target
Hack.exe
-
Size
1.2MB
-
MD5
fed2a8736c84eda9dcc8533b5019f7d8
-
SHA1
b2dbb7a42d46f9f694912b9d0554e10c0240952a
-
SHA256
264662e60005a099f9aaaa88e1dcee1381a3a187a158fdfbc40bbd5024407cb1
-
SHA512
ae7778829b3fb66b2e7bed20e6ae1e8ae86b3f7d4279b554416cc1cc71df4a766cd0199ba914b2de31b3bba4db42d0b99bd07f7228aaacf5a80ed582e00c9ec3
Score
10/10
Malware Config
Signatures
-
Echelon
Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.
-
Echelon log file 1 IoCs
Detects a log file produced by Echelon.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service 4 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Hack.exe"C:\Users\Admin\AppData\Local\Temp\Hack.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
9.9MB
-
Filesize
4KB