Overview

overview

10

Static

static

nixware be...xe.exe

windows7_x64

10

nixware be...xe.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    nixware beta.rar

  • Size

    738KB

  • Sample

    210718-gslvy1p2qs

  • MD5

    96c48df645c9dcd44a1f506ceda44625

  • SHA1

    d81d9e5cea69a7afdc9326a6a5fe11268d564dfe

  • SHA256

    73226f6f5b3ff0ec796fa94fa1b7884dae7db36120c91bb83766d3efc93e6c1a

  • SHA512

    9cda401e81edc039e2372105bf3ae8a5e77a5512a218fcc676a5714bb2f6c38bb9ee92efa2b3ee4a172b2cb8d9ccbda6c879bb006fadc31d1c3585193b93b65c

Score
10/10
echelonspywarestealer

Malware Config

Targets

    • Target

      nixware beta/EZinjector reborn for CSGO.exe.exe

    • Size

      1.0MB

    • MD5

      eb38d801bd68576feb5ab7410ae70e5a

    • SHA1

      d986896e82195070aab8bf500a2c0f97cc7235a5

    • SHA256

      c161dfcb0fcec751eb7c8963c5f58efd411a9f866ab743ae0e3ff41a8f5cc982

    • SHA512

      7f31b26e702e86a421cc21f11e16b85b7c2b00ee7331e7d97fca3a219cd1c1e49b5f5cad16fd41e45854cbda5364888fa210b65c1dc2cd76a5a42a8fffe3681e

    Score
    10/10
    echelonspywarestealer

    • Echelon

      Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.

      stealerspywareechelon

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks