echelon | 526b68a0be26a2bce634d4c37a025eca01d051e4ae0df350fa384541ebbe09c5 | Triage

Submit
Reports

Overview

overview

Static

static

526b68a0be...c5.exe

windows7_x64

526b68a0be...c5.exe

windows10_x64

Sharing

General

Target

526b68a0be26a2bce634d4c37a025eca01d051e4ae0df350fa384541ebbe09c5
Size

2.0MB
Sample

201113-pxexg5xfze
MD5

fc91265d814957f8963ca2ff8de8b689
SHA1

18ce51ccfff15e04b958f95fd1ee3c82cdb2784f
SHA256

526b68a0be26a2bce634d4c37a025eca01d051e4ae0df350fa384541ebbe09c5
SHA512

5044b473116881cbf0c74a9758b1dbd88cd273d2a928ebac57a0d3a828ece13bdda8448e33b28c54caa0d44bdd3a5ab2ba2b44c09fd3bf6f6383689caf73286a

Score

10^/10

echelon discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

526b68a0be26a2bce634d4c37a025eca01d051e4ae0df350fa384541ebbe09c5.exe

Resource

win7v20201028

echelon discovery spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

526b68a0be26a2bce634d4c37a025eca01d051e4ae0df350fa384541ebbe09c5.exe

Resource

win10v20201028

echelon discovery spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  526b68a0be26a2bce634d4c37a025eca01d051e4ae0df350fa384541ebbe09c5
- Size
  
  2.0MB
- MD5
  
  fc91265d814957f8963ca2ff8de8b689
- SHA1
  
  18ce51ccfff15e04b958f95fd1ee3c82cdb2784f
- SHA256
  
  526b68a0be26a2bce634d4c37a025eca01d051e4ae0df350fa384541ebbe09c5
- SHA512
  
  5044b473116881cbf0c74a9758b1dbd88cd273d2a928ebac57a0d3a828ece13bdda8448e33b28c54caa0d44bdd3a5ab2ba2b44c09fd3bf6f6383689caf73286a
Score

10^/10

echelon discovery spyware stealer
- Echelon
  Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.
  stealer spyware echelon
- Echelon log file
  Detects a log file produced by Echelon.
- ServiceHost packer
  Detects ServiceHost packer used for .NET malware
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

echelondiscoveryspywarestealer

behavioral2

echelondiscoveryspywarestealer

© 2018-2024

Terms | Privacy