Overview

overview

10

Static

static

Lucky Fixed.exe

windows7_x64

8

Lucky Fixed.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Lucky Fixed.exe

  • Size

    1.3MB

  • Sample

    210519-5y9cmtm3y2

  • MD5

    1f4f57202ef12656df3582a8adef59d8

  • SHA1

    0f66c9ac00c19dd20827a78ffdfa4e63857abffb

  • SHA256

    6933c5d70f485687742b49b9310074cc4b948a293527ad0c7c78fb60d47efcb1

  • SHA512

    ae67c0aa6a1d87fdedf3ee08c050cb853bef45510383b13033285991ca983985ef1a8329a7782d2e02eb079b6c0246909c0110dfbd22ca921bd209446e1d0fcb

Score
10/10
echelonspywarestealer

Malware Config

Targets

    • Target

      Lucky Fixed.exe

    • Size

      1.3MB

    • MD5

      1f4f57202ef12656df3582a8adef59d8

    • SHA1

      0f66c9ac00c19dd20827a78ffdfa4e63857abffb

    • SHA256

      6933c5d70f485687742b49b9310074cc4b948a293527ad0c7c78fb60d47efcb1

    • SHA512

      ae67c0aa6a1d87fdedf3ee08c050cb853bef45510383b13033285991ca983985ef1a8329a7782d2e02eb079b6c0246909c0110dfbd22ca921bd209446e1d0fcb

    Score
    10/10
    echelonspywarestealer

    • Echelon

      Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.

      stealerspywareechelon

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks