Analysis

  • max time kernel
    40s
  • max time network
    60s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    22-08-2021 15:37

General

  • Target

    Lucky Fixed.exe

  • Size

    1.5MB

  • MD5

    6a32b1b835f78438ddbbadb444203b52

  • SHA1

    407398b8f5981189ffa86b41efd3547c1cffd663

  • SHA256

    3ef80a7a371def66b2811ae322f516c62d6a0f1d534a08967f577dc13390408c

  • SHA512

    00ff4c6d4a93ed9a3d0a86d9b0397eff1d1ed5d3a333f17bc60fd483844bed04e5e160d813150487abc1a0125289eaf2e4bc9677f7d5a10373e8e8dda815d11d
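Before working from this report, confirm that the sample on hand is the one the sandbox ran by recomputing all four digests and comparing them with the values above. The following is an added example written for this page, not tooling from the sandbox; the file path is a placeholder and the short byte strings in the usage are constructed inputs.

```python
import hashlib
from typing import Dict, Iterable

# Digests printed in the report's General section.
REPORTED_HASHES = {
    "md5": "6a32b1b835f78438ddbbadb444203b52",
    "sha1": "407398b8f5981189ffa86b41efd3547c1cffd663",
    "sha256": "3ef80a7a371def66b2811ae322f516c62d6a0f1d534a08967f577dc13390408c",
    "sha512": (
        "00ff4c6d4a93ed9a3d0a86d9b0397eff1d1ed5d3a333f17bc60fd483844bed04"
        "e5e160d813150487abc1a0125289eaf2e4bc9677f7d5a10373e8e8dda815d11d"
    ),
}


def digest_chunks(chunks: Iterable[bytes],
                  algorithms: Iterable[str] = tuple(REPORTED_HASHES)) -> Dict[str, str]:
    """Feed every chunk to all requested hashers in a single pass over the data."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Hash a file without loading it whole; 1 MiB chunks keep memory flat for large samples."""
    with open(path, "rb") as f:
        return digest_chunks(iter(lambda: f.read(chunk_size), b""))


def compare_with_report(computed: Dict[str, str],
                        reported: Dict[str, str] = REPORTED_HASHES) -> Dict[str, bool]:
    """Per-algorithm match result; comparison is case-insensitive because tools differ in hex case."""
    return {name: computed.get(name, "").lower() == value.lower()
            for name, value in reported.items()}


def matches_report(data: bytes) -> bool:
    """True only when every reported digest matches the given bytes."""
    return all(compare_with_report(digest_chunks([data])).values())


if __name__ == "__main__":
    # Placeholder path: substitute the local copy of the sample.
    SAMPLE_PATH = "Lucky Fixed.exe"
    try:
        result = compare_with_report(digest_file(SAMPLE_PATH))
    except FileNotFoundError:
        # Constructed input so the script runs without the sample present.
        result = compare_with_report(digest_chunks([b"constructed placeholder bytes"]))
    for name, ok in result.items():
        print(f"{name:6s} {'match' if ok else 'MISMATCH'}")
```

A partial match (say MD5 agrees but SHA256 does not) should be treated as a mismatch: it indicates either a transcription error in the report or a different file, and in both cases the rest of the report cannot be assumed to describe the sample in hand.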

Score
10/10

Malware Config

Signatures

  • Echelon

    Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.

  • Reads user/profile data of web browsers (2 TTPs)

    Infostealers often target stored browser data, which can include saved credentials.

  • Looks up external IP address via web service (3 IoCs)

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious behavior: EnumeratesProcesses (18 IoCs)
  • Suspicious use of AdjustPrivilegeToken (1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\Lucky Fixed.exe
    "C:\Users\Admin\AppData\Local\Temp\Lucky Fixed.exe"
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID: 416

Network

MITRE ATT&CK Enterprise v6


Downloads

  • memory/416-114-0x0000000000E20000-0x0000000000E21000-memory.dmp

    Filesize

    4KB

  • memory/416-116-0x0000000003130000-0x00000000031A1000-memory.dmp

    Filesize

    452KB

  • memory/416-117-0x000000001BDA0000-0x000000001BDA2000-memory.dmp

    Filesize

    8KB
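The dump file names above encode the PID, a sequence number and the virtual address range of each captured region, so the listed Filesize can be cross-checked from the name alone before downloading anything. The following is an added example written for this page, not part of the sandbox's tooling; it parses the three names listed above, recomputes each region's size, checks it against the reported value, and picks the largest region as the first candidate to load into a .NET decompiler. The assumption that the largest region is the most useful one is a triage heuristic, not something the report states.

```python
import re
from typing import List, NamedTuple, Tuple

# Dump names exactly as listed in the report's Downloads section.
DUMP_NAMES = [
    "memory/416-114-0x0000000000E20000-0x0000000000E21000-memory.dmp",
    "memory/416-116-0x0000000003130000-0x00000000031A1000-memory.dmp",
    "memory/416-117-0x000000001BDA0000-0x000000001BDA2000-memory.dmp",
]

# Filesize printed beside each dump, in the report's own units.
REPORTED_SIZES = ["4KB", "452KB", "8KB"]

PAGE_SIZE = 0x1000  # x64 Windows user-mode page granularity

_NAME_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)"
    r"-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)


class DumpRegion(NamedTuple):
    pid: int
    seq: int
    start: int   # inclusive virtual address
    end: int     # exclusive virtual address

    @property
    def size(self) -> int:
        return self.end - self.start

    @property
    def page_aligned(self) -> bool:
        return self.start % PAGE_SIZE == 0 and self.end % PAGE_SIZE == 0


def parse_dump_name(name: str) -> DumpRegion:
    """Split a sandbox dump name into PID, sequence number and address range."""
    m = _NAME_RE.match(name)
    if m is None:
        raise ValueError(f"unrecognised dump name: {name}")
    region = DumpRegion(int(m["pid"]), int(m["seq"]),
                        int(m["start"], 16), int(m["end"], 16))
    if region.end <= region.start:
        raise ValueError(f"empty or inverted range in {name}")
    return region


def size_label(n: int) -> str:
    """Render a byte count the way the report does (1.5MB, 452KB, 4KB)."""
    if n >= 1 << 20:
        return f"{n / (1 << 20):.1f}MB"
    if n >= 1 << 10:
        return f"{n // (1 << 10)}KB"
    return f"{n}B"


def check_reported_sizes(names: List[str], reported: List[str]) -> List[Tuple[str, int, str, bool]]:
    """Return (name, computed_bytes, reported_label, agrees) for each dump."""
    rows = []
    for name, label in zip(names, reported):
        region = parse_dump_name(name)
        rows.append((name, region.size, label, size_label(region.size) == label))
    return rows


def largest_region(names: List[str]) -> DumpRegion:
    """Triage heuristic (assumption): the biggest captured region is the first one worth opening."""
    return max((parse_dump_name(n) for n in names), key=lambda r: r.size)


if __name__ == "__main__":
    for name, size, label, ok in check_reported_sizes(DUMP_NAMES, REPORTED_SIZES):
        region = parse_dump_name(name)
        print(f"pid={region.pid} seq={region.seq} {region.start:#x}-{region.end:#x} "
              f"{size} bytes ({size_label(size)}) reported={label} "
              f"{'ok' if ok else 'MISMATCH'} aligned={region.page_aligned}")
    best = largest_region(DUMP_NAMES)
    print(f"start with {best.start:#x}-{best.end:#x} ({size_label(best.size)})")
```

Every region here is page-aligned and the recomputed sizes agree with the report's labels, which is the expected outcome; a name whose range does not divide into whole pages or whose size disagrees with the listed Filesize would point to a truncated or mislabeled download and is worth re-fetching before analysis.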