General
-
Target
File.exe
-
Size
1.8MB
-
Sample
201108-nlevbf9yva
-
MD5
42d51e625544236266f22b3eebfb2916
-
SHA1
c629b576834ada632f4cb7f1f9a42dcaed775468
-
SHA256
10d9bfb8ffd8604bd88edfa7ec3f70f24f551ad6720016320377afcad9a6f735
-
SHA512
8a340465dcc7cead86908c6286f6eb03ebc0f340c8e9574eb1241dd810c1242b3957260e934fa994bf003c07e0fe7978ea6ec493c076fbccfb4772dc0a37279f
Malware Config
Targets
-
-
Target
File.exe
-
Size
1.8MB
-
MD5
42d51e625544236266f22b3eebfb2916
-
SHA1
c629b576834ada632f4cb7f1f9a42dcaed775468
-
SHA256
10d9bfb8ffd8604bd88edfa7ec3f70f24f551ad6720016320377afcad9a6f735
-
SHA512
8a340465dcc7cead86908c6286f6eb03ebc0f340c8e9574eb1241dd810c1242b3957260e934fa994bf003c07e0fe7978ea6ec493c076fbccfb4772dc0a37279f
Score10/10-
Echelon
Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.
-
Echelon log file
Detects a log file produced by Echelon.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-