General
-
Target
19b887f37f75fca000084389a46800c513b1c42ff36c4781869243eef5d21b9c
-
Size
2.0MB
-
Sample
201109-8gcfqqwmcx
-
MD5
eb66520231ebf47315435acdfbb52691
-
SHA1
482f7fa8e6169cba5de41141de61df9c7f609234
-
SHA256
19b887f37f75fca000084389a46800c513b1c42ff36c4781869243eef5d21b9c
-
SHA512
f5edb3e08b951c56df637d66ce0ea968bb8daabe32a2b91a339719ea220096fdec83c16a092bdfa9ac96b14450f571e00e88340238f49e17ab10895d45c3ceb2
Malware Config
Targets
-
-
Target
19b887f37f75fca000084389a46800c513b1c42ff36c4781869243eef5d21b9c
-
Size
2.0MB
-
MD5
eb66520231ebf47315435acdfbb52691
-
SHA1
482f7fa8e6169cba5de41141de61df9c7f609234
-
SHA256
19b887f37f75fca000084389a46800c513b1c42ff36c4781869243eef5d21b9c
-
SHA512
f5edb3e08b951c56df637d66ce0ea968bb8daabe32a2b91a339719ea220096fdec83c16a092bdfa9ac96b14450f571e00e88340238f49e17ab10895d45c3ceb2
Score10/10-
Echelon
Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.
-
Echelon log file
Detects a log file produced by Echelon.
-
ServiceHost packer
Detects ServiceHost packer used for .NET malware
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-