echelon | b5a96378e32e7b20fd73fe5f634729280684bbb146f183b80751680a0e42191d | Triage

Submit
Reports

Overview

overview

Static

static

Output.exe

windows7_x64

Output.exe

windows10_x64

Sharing

General

Target

Output.exe
Size

1.2MB
Sample

210216-kqt26hf492
MD5

3ee3964b6d55f0657fffcf7594f9309f
SHA1

7e4cb727fdc895d4497ffd0d83b810fed8a880dc
SHA256

b5a96378e32e7b20fd73fe5f634729280684bbb146f183b80751680a0e42191d
SHA512

81cdb9d4cf9ba6f3e04e1ec59cf817d0ef54a8d4a135e7018b4045243f7d1d1bb3f3143500a8a5bdf643d879f510450bc14a71715177072eea9a3be833e9d896

Score

10^/10

echelon discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Output.exe

Resource

win7v20201028

echelon discovery spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Output.exe

Resource

win10v20201028

echelon discovery spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  Output.exe
- Size
  
  1.2MB
- MD5
  
  3ee3964b6d55f0657fffcf7594f9309f
- SHA1
  
  7e4cb727fdc895d4497ffd0d83b810fed8a880dc
- SHA256
  
  b5a96378e32e7b20fd73fe5f634729280684bbb146f183b80751680a0e42191d
- SHA512
  
  81cdb9d4cf9ba6f3e04e1ec59cf817d0ef54a8d4a135e7018b4045243f7d1d1bb3f3143500a8a5bdf643d879f510450bc14a71715177072eea9a3be833e9d896
Score

10^/10

echelon discovery spyware stealer
- Echelon
  Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.
  stealer spyware echelon
- Echelon log file
  Detects a log file produced by Echelon.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

echelondiscoveryspywarestealer

behavioral2

echelondiscoveryspywarestealer

© 2018-2024

Terms | Privacy