General

  • Target

    11.bin.zip

  • Size

    1.2MB

  • Sample

    210712-874y6v7dkn

  • MD5

    2eca62195c7c384a9418d20a10e8fd24

  • SHA1

    5a286fa2b7bc41604c007193a21863f77058f3f6

  • SHA256

    3b0dd80fe69341c8c788647b73e8eace9b9ce28d5393de9350993c43f978819d

  • SHA512

    a0aac142ba2822f6429781d9e245fbe32d2ddbce598a38734bd024fccdc5592678e08819514721e65e9011edd887e4d78e31ef484d3c0b5390d7f2cbb6092c34

Score
10/10

Malware Config

Targets

    • Target

      11.bin

    • Size

      1.2MB

    • MD5

      b75c7acd1f22f27112a92743c1e690b1

    • SHA1

      213a9b0791dd4a33633920d9327f226b9db5c827

    • SHA256

      28d2e300adc2a932e546456edb9439f2edc216c737aa68665887979e3512dde0

    • SHA512

      0c0581cef5fee7a09d72bc58a03b9d08f4c1bb0388fefeb603e7001f5c73db73d8d172ed53d2e0da62c78ab710b9d96246c1a175dbbced296605ca00dfe3aa1f

    Score
    10/10
    • Echelon

      Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, among other data.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks