General

  • Target

    d091285362e6cfcf60690c8a4dcd695e

  • Size

    97KB

  • Sample

    210624-melsmm1psn

  • MD5

    d091285362e6cfcf60690c8a4dcd695e

  • SHA1

    0ad0bcc57498a5c2d1251f6fef81806be70aec04

  • SHA256

    a8f36e203ba22b243837f95a371fbad43ef4162e2cf6f01ab78714fed88e7bb3

  • SHA512

    4844a9844f302fa81d17ae1229574905eec70203a9708cc36434f75a2791c7905c76824da89e2c10e55aef72207341340fddc500b80575fb2fe1873308e22400

Malware Config

Targets

    • Echelon

      Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Modifies Windows Firewall

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

MITRE ATT&CK Enterprise v6

Tasks