General

  • Target

    Phantom.rar

  • Size

    1.1MB

  • Sample

    210501-cpjt1q6kjx

  • MD5

    35340aa36cf701451ae020f4e916a774

  • SHA1

    a36917c71ad5f14b3da2e0c74f9197c6d1c49773

  • SHA256

    86f2fcc5ac4a7e5af68c2814b3fbc96c96df589fc92db49e6cf79e19c95f26ca

  • SHA512

    7626581b9f3e389f4349eb72932010b9fc57d834662a25508bfae221ed7d072ec881360d92acf1cbac384510cef4a746857cb8c2a8ad153974c75f5faabaf7fd

Score
10/10

Malware Config

Targets

    • Target

      Phantom.exe

    • Size

      1.5MB

    • MD5

      de410adc180c797cacd651d8cdce4bf5

    • SHA1

      4366c4de79abd01a8e4fc8cb135807f857a7acdd

    • SHA256

      3d5f85346e83ad7a3c1e881c20afc95dd4d7ddf0a1372e47193761225e054cd4

    • SHA512

      d1c38390395fa720460b2188be6a96bbaa4f34c642d5e827f5e3c4ab9f14b7d8d77ec73691a514902671a0b796e4aebd2269b20a71570dc1e4095ee69988bff0

    Score
    10/10
    • Echelon

      Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks