Overview

overview

10

Static

static

supremacy/....h.vbs

windows10_x64

1

supremacy/....h.vbs

windows10_x64

1

supremacy/...db.exe

windows10_x64

10

Resubmissions

07-06-2021 19:01

210607-6wl9q5g1zj 10

06-06-2021 19:46

210606-8xe3xkelt2 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    supremacy.rar

  • Size

    26.5MB

  • Sample

    210607-6wl9q5g1zj

  • MD5

    92c9d3b76827d91480f918f51aadefe5

  • SHA1

    71ae096b422bdc9f314f7e7c28855c946765791e

  • SHA256

    f3f48cabdadc02e92cae84ba7440239f273b97bb53d2c97988acff0c07c5baef

  • SHA512

    4ab291813a545d3d76f8809c7c3ee6b93c7b8ac785b5a56514c632d30bd66da04d73a0bf0a069edbfe7c8d2613871cd540a40a8797a1ef7e5dc4fc293d3c13a7

Score
10/10
echelondiscoveryspywarestealer

Malware Config

Targets

    • Target

      supremacy/.vs/supremacy_csgo/v16/Browse.VC-wal.db

    • Size

      531KB

    • MD5

      c8e781071aced942d989823c2e1dc107

    • SHA1

      80322b92c1d45bc1d9ccc31856e4b0be46159fce

    • SHA256

      dbf5add59cbb4c99672f0213347c5392b36b9da91c27d5307ea561f298277945

    • SHA512

      63af46c19ae796fe3de276b88f82fdfebd91a632593ce1c1d0b846e41bdf619cb0bc706b0e548646a46f5c363c65d5fc15f9458e96f292cefb699b9c244dfb67

    Score
    1/10
    behavioral1

    • Target

      supremacy/address.h

    • Size

      4KB

    • MD5

      66b3a6f0020021a0eac586e81ac25aec

    • SHA1

      3b98ddcbed3af15736713209e79e5db6364d6de9

    • SHA256

      38394d69b74c1ecfbc260fafbbbefc65e9b1d354f6350043550f01e83379fe5c

    • SHA512

      8c7daaf53db9037fedd1fc5142f4cc25daa012a0ff1d6655a2ba7b7006effa1fe78fd8500c268373ea0f40152750d2278c75ea520a8fc961474d77b9138abc7a

    Score
    1/10
    behavioral2

    • Target

      supremacy/slider.h

    • Size

      1KB

    • MD5

      87e742a18ef192d69794ca435c19881a

    • SHA1

      2d1152f6109959c2fa30b1f6604d5c803720d24f

    • SHA256

      accb22763dc62851875c5df79e34e0ca6adfda970fa3d0bb5e47587bcb49c424

    • SHA512

      824601512e173069367ebf244b664f88af113777fcc4df4f0e6004660a333f239cced42a9ed62ca245c8c6c36757e4df53d33e511d5c3a448c45aca23764f619

    Score
    10/10
    echelondiscoveryspywarestealer

    • Echelon

      Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.

      stealerspywareechelon

    • Echelon log file

      Detects a log file produced by Echelon.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral3

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks