echelon | bcd93c7eb4909c04cacc58386cf50aec172ffb8f5f7161bcde3a973007b2f754 | Triage

Submit
Reports

Overview

overview

Static

static

bcd93c7eb4...54.exe

windows7_x64

6

bcd93c7eb4...54.exe

windows10_x64

Sharing

General

Target

bcd93c7eb4909c04cacc58386cf50aec172ffb8f5f7161bcde3a973007b2f754
Size

581KB
Sample

201106-l8p1xqe6wn
MD5

16bf61b209cfed043e348b8d28fabbaf
SHA1

6e8285f96f9056d9483b0e5770644a7d67e90364
SHA256

bcd93c7eb4909c04cacc58386cf50aec172ffb8f5f7161bcde3a973007b2f754
SHA512

80d19eb5931bfeac07cfe330d57bd2be5a123c3beae3524cfb732230fd6919bb94b72a99c49f6318493d985f66f9133e62135108a2fa59f7a118d77906f5c513

Score

10^/10

echelon discovery spyware stealer

Static task

static1

keylogger stealer agenttesla

Behavioral task

behavioral1

Sample

bcd93c7eb4909c04cacc58386cf50aec172ffb8f5f7161bcde3a973007b2f754.exe

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

bcd93c7eb4909c04cacc58386cf50aec172ffb8f5f7161bcde3a973007b2f754.exe

Resource

win10v20201028

echelon discovery spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  bcd93c7eb4909c04cacc58386cf50aec172ffb8f5f7161bcde3a973007b2f754
- Size
  
  581KB
- MD5
  
  16bf61b209cfed043e348b8d28fabbaf
- SHA1
  
  6e8285f96f9056d9483b0e5770644a7d67e90364
- SHA256
  
  bcd93c7eb4909c04cacc58386cf50aec172ffb8f5f7161bcde3a973007b2f754
- SHA512
  
  80d19eb5931bfeac07cfe330d57bd2be5a123c3beae3524cfb732230fd6919bb94b72a99c49f6318493d985f66f9133e62135108a2fa59f7a118d77906f5c513
Score

10^/10

echelon discovery spyware stealer
- Echelon
  Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.
  stealer spyware echelon
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

keyloggerstealeragenttesla

behavioral1

behavioral2

echelondiscoveryspywarestealer

© 2018-2024

Terms | Privacy