Overview

overview

10

Static

static

mySThe.exe

windows7_x64

10

mySThe.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    mySThe.exe

  • Size

    1.0MB

  • Sample

    210730-kmjrsbbnbj

  • MD5

    6d298ea9fddcb15bc12be3699b88724e

  • SHA1

    946732233c9490060639a44ea593f2ccd6ddc30b

  • SHA256

    74499fe96913a5ec1b89d8b79ca8bf2d3fd598c0d65339bd6d6223599f20aa7b

  • SHA512

    40e40caaf22651eb749694b1827f1902c89935bb5f40baf7ec3c68bfd277b68bd76c3a7c54cfa4ce7959b7067b6fb00ec1513f57e330df7790a95e7ed6ebc8ed

Score
10/10
echelonspywarestealersuricata

Malware Config

Targets

    • Target

      mySThe.exe

    • Size

      1.0MB

    • MD5

      6d298ea9fddcb15bc12be3699b88724e

    • SHA1

      946732233c9490060639a44ea593f2ccd6ddc30b

    • SHA256

      74499fe96913a5ec1b89d8b79ca8bf2d3fd598c0d65339bd6d6223599f20aa7b

    • SHA512

      40e40caaf22651eb749694b1827f1902c89935bb5f40baf7ec3c68bfd277b68bd76c3a7c54cfa4ce7959b7067b6fb00ec1513f57e330df7790a95e7ed6ebc8ed

    Score
    10/10
    spywarestealersuricataechelon

    • Echelon

      Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.

      stealerspywareechelon

    • suricata: ET MALWARE Trojan Generic - POST To gate.php with no accept headers

      suricata

    • suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer

      suricata

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks