Overview

overview

10

Static

static

9.exe

windows7_x64

10

9.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9.exe

  • Size

    1.0MB

  • Sample

    210813-an61xpx6e6

  • MD5

    6016445d4e3cee2e3efc99f412e9dadc

  • SHA1

    c2340620feee283fa98bf67b468b73c6868bbe0b

  • SHA256

    a6960926d530880cde47a08146cb733b1b69fad3cd30b8af4d7afa999254e3c0

  • SHA512

    cd23c3b8ee689e49d0c3d3c58bb82af15449edad2a51ce8d56063fb12a4f05b57fcd866175844dd371ba4f3366cf9ad5da9183cf4fa09ca20f5cef887d59c19a

Score
10/10
echelonspywarestealersuricata

Malware Config

Targets

    • Target

      9.exe

    • Size

      1.0MB

    • MD5

      6016445d4e3cee2e3efc99f412e9dadc

    • SHA1

      c2340620feee283fa98bf67b468b73c6868bbe0b

    • SHA256

      a6960926d530880cde47a08146cb733b1b69fad3cd30b8af4d7afa999254e3c0

    • SHA512

      cd23c3b8ee689e49d0c3d3c58bb82af15449edad2a51ce8d56063fb12a4f05b57fcd866175844dd371ba4f3366cf9ad5da9183cf4fa09ca20f5cef887d59c19a

    Score
    10/10
    echelonspywarestealersuricata

    • Echelon

      Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.

      stealerspywareechelon

    • suricata: ET MALWARE Trojan Generic - POST To gate.php with no accept headers

      suricata: ET MALWARE Trojan Generic - POST To gate.php with no accept headers

      suricata

    • suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer

      suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer

      suricata

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks