General
-
Target
among.exe
-
Size
3.0MB
-
Sample
201025-2cqpzgq2as
-
MD5
bd089566ea96fcbff16b58166467c04e
-
SHA1
600d2248a7a21d13dd407a3c5769c11da46f4269
-
SHA256
254065f8c104909b9539cfeb5b1fa5641b5871114cb3185be5f533022f7e341c
-
SHA512
c9f96b23b7e62f65579c01ad95543992c187b2c92c6d5935af8d6d5368ec1e91becfc23e6c4e9ad84d8077090392a0c29d29a3c2b350876db5760d7131095ccb
Malware Config
Targets
-
-
Target
among.exe
-
Size
3.0MB
-
MD5
bd089566ea96fcbff16b58166467c04e
-
SHA1
600d2248a7a21d13dd407a3c5769c11da46f4269
-
SHA256
254065f8c104909b9539cfeb5b1fa5641b5871114cb3185be5f533022f7e341c
-
SHA512
c9f96b23b7e62f65579c01ad95543992c187b2c92c6d5935af8d6d5368ec1e91becfc23e6c4e9ad84d8077090392a0c29d29a3c2b350876db5760d7131095ccb
Score10/10-
Echelon
Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Echelon log file
Detects a log file produced by Echelon.
-
ServiceHost packer
Detects ServiceHost packer used for .NET malware
-
Blacklisted process makes network request
-
Executes dropped EXE
-
Suspicious Office macro
Office document equipped with 4.0 macros.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
JavaScript code in executable
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-