General

  • Target: Lucky update (пароль 123).rar

  • Size: 808KB

  • Sample: 210326-5pdq5g1frx

  • MD5: 5527d2aa5300f9d45534cf65b61b756e

  • SHA1: 2563fbc3b9edc2135af553135668b9ef41e5be66

  • SHA256: a906f50dff710a4a046397eabdc9d5fff06a400769b1c02453e7f2fed1c1fc44

  • SHA512: 3898474a4fddb5926734918fd26dbe4f35b75797121a8530ab2f1d7eb077e4a4f7c0722dd0985edd9f908dba104b86044da423fa0a9d8436661c15240d628bb8

Malware Config

Targets

    • Target: Lucky update/Lucky Fixed.exe

    • Size: 1.2MB

    • MD5: 1158d8823d7aa2d495b929235eca0308

    • SHA1: 9ff33319ea4ba925490fcace0565a4d8cfca3291

    • SHA256: 6b0dad1260f91e697cabd10516a8780e3f44f1870d51f60aa0492be75b96ca4e

    • SHA512: 9f94db6ceffadd8a4b4c2daba77eccc6a79ad7b701f4618e9c7d332f70b0de91725741ae6c3214a6350d6173a682891485c84ed4426efa2e3acb47632f302493

    • Echelon

      Echelon is a .NET stealer that targets passwords stored by browsers, email clients and cryptocurrency clients.

    • Executes dropped EXE

    • VMProtect packed file

      Detects executables packed with the VMProtect commercial packer.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP address.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access

    T1081: Credentials in Files (1)

  • Discovery

    T1082: System Information Discovery (1)

  • Collection

    T1005: Data from Local System (1)

Tasks