General
-
Target
Mist.Buld.exe
-
Size
391KB
-
Sample
201109-2p48afksqx
-
MD5
51083ffcc13fc386b68eaa8117f48a55
-
SHA1
c5a7098f15174be421498cede6c8df8819e98540
-
SHA256
f440c2cc4fc3168c939310c4e90b80d980a4a0d6a42f0596d2676461b02d11e2
-
SHA512
81119315b4d36283d283e2e8cc1b2f59f4a72ac921fa32707fc00cc636c73e324554bcbc92847c3d5b1dea3fa6fcca3c093074be4b7f56e6c4213238a7ad2d89
Malware Config
Targets
-
-
Target
Mist.Buld.exe
-
Size
391KB
-
MD5
51083ffcc13fc386b68eaa8117f48a55
-
SHA1
c5a7098f15174be421498cede6c8df8819e98540
-
SHA256
f440c2cc4fc3168c939310c4e90b80d980a4a0d6a42f0596d2676461b02d11e2
-
SHA512
81119315b4d36283d283e2e8cc1b2f59f4a72ac921fa32707fc00cc636c73e324554bcbc92847c3d5b1dea3fa6fcca3c093074be4b7f56e6c4213238a7ad2d89
Score10/10-
Echelon
Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.
-
Echelon log file
Detects a log file produced by Echelon.
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-