General

  • Target

    anticheats.exe

  • Size

    417KB

  • Sample

    201109-bltppdkmwa

  • MD5

    fb2d06f3a2c9d4b9ec1064af3bf9f357

  • SHA1

    aef3c1737f45eb8c1438b759d12d4eae9ce514ba

  • SHA256

    95ab142281af83bca92a9919b0691e3966218a96273452c15b701485af44ad0b

  • SHA512

    a7a083bbc238a061346f0fc884ab3eda39a23de4301e07112a758882d11b6a98d7c536649d3a6e01161c0ceadf4efb806f713be95a6185b5c10d0dfb06e5a063

Targets

    • Echelon

      Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.

    • Echelon log file

      Detects a log file produced by Echelon.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
