Analysis
-
max time kernel
15s -
max time network
17s -
platform
windows7_x64 -
resource
win7v20201028 -
submitted
08-04-2021 11:57
General
-
Target
Lucky_Execute.bin.exe
-
Size
1.0MB
-
MD5
0a8d7545824b45b1b49fe4edabfa7ed4
-
SHA1
aa2bdeca74c0a49a3c7305cfd477e6ef1317b7a2
-
SHA256
5846a8f96c27b089cbb3cba02aeb3b60a8b4fb0a9083b1414474e86ca92c79d0
-
SHA512
81b2b00883270bdae2c75c999b3b98bef9325c5af3ecd7afa0dcbecd4220531046a464713d9b75b54c8e960ada2167191477541724b548289fec1bb42087c669
Score
10/10
Malware Config
Signatures
-
Echelon
Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service 3 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Lucky_Execute.bin.exe"C:\Users\Admin\AppData\Local\Temp\Lucky_Execute.bin.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1680-60-0x0000000000B70000-0x0000000000B71000-memory.dmpFilesize
4KB
-
memory/1680-62-0x0000000000AF0000-0x0000000000B61000-memory.dmpFilesize
452KB
-
memory/1680-63-0x00000000007C0000-0x00000000007C2000-memory.dmpFilesize
8KB