Overview

overview

10

Static

static

10

2222-main/Build.exe

windows7_x64

10

2222-main/Build.exe

windows10_x64

10

2222-main/...se.dll

windows7_x64

1

2222-main/...se.dll

windows10_x64

1

2222-main/OTC.dll

windows7_x64

1

2222-main/OTC.dll

windows10_x64

1

2222-main/OTC2.dll

windows7_x64

1

2222-main/OTC2.dll

windows10_x64

1

2222-main/aurora.dll

windows7_x64

1

2222-main/aurora.dll

windows10_x64

1

2222-main/...ty.dll

windows7_x64

1

2222-main/...ty.dll

windows10_x64

3

2222-main/gan.exe

windows7_x64

10

2222-main/gan.exe

windows10_x64

10

2222-main/mySThe.exe

windows7_x64

10

2222-main/mySThe.exe

windows10_x64

10

2222-main/myporno.exe

windows7_x64

10

2222-main/myporno.exe

windows10_x64

8

2222-main/pandora.dll

windows7_x64

1

2222-main/pandora.dll

windows10_x64

10

2222-main/pass.exe

windows7_x64

10

2222-main/pass.exe

windows10_x64

10

2222-main/petya.exe

windows7_x64

6

2222-main/petya.exe

windows10_x64

6

2222-main/sheyhST.exe

windows7_x64

10

2222-main/sheyhST.exe

windows10_x64

10

2222-main/...io.exe

windows7_x64

10

2222-main/...io.exe

windows10_x64

7

2222-main/test.exe

windows7_x64

3

2222-main/test.exe

windows10_x64

3

2222-main/token.exe

windows7_x64

6

2222-main/token.exe

windows10_x64

6

Analysis

  • max time kernel
    11s
  • max time network
    58s
  • platform
    windows7_x64
  • resource
    win7v20210410
  • submitted
    30-07-2021 07:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2222-main/sheyhST.exe

  • Size

    1.0MB

  • MD5

    a339a377abbfb9c0ee85652901cc67b3

  • SHA1

    cbafbcefd502b16d4661a2da17fc6d04b34ee0cb

  • SHA256

    0a0a341eb3849788273e62d2acd28de82942f01396c7543f85a5b8a8420e0c44

  • SHA512

    a43ae5d6cf03c96ae757bdb97521562c64e7248d73791ecfae1498df4e9b7401d359bba5e56a3ba2c16cc0e6f30cfc6b9c421667353cb4677b98977c0082282d

Score
10/10
echelonspywarestealersuricata

Malware Config

Signatures

  • Echelon

    Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.

    stealerspywareechelon
  • suricata: ET MALWARE Trojan Generic - POST To gate.php with no accept headers
    suricata
  • suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer
    suricata
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2222-main\sheyhST.exe
    "C:\Users\Admin\AppData\Local\Temp\2222-main\sheyhST.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2032

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2032-60-0x00000000000C0000-0x00000000000C1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2032-62-0x000000001B450000-0x000000001B4C1000-memory.dmp
    Filesize

    452KB

    Download
  • memory/2032-63-0x000000001B500000-0x000000001B502000-memory.dmp
    Filesize

    8KB

    Download