Overview

overview

10

Static

static

ExLoader_I...er.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ExLoader_Installer.exe

  • Size

    6.9MB

  • Sample

    210822-9jfv4zt6y6

  • MD5

    e379e32a7ebab69886a166b052085e48

  • SHA1

    2c91af7b4fe73dc260ac82d2b698a024ee1cd967

  • SHA256

    1d936ea9fb383d4cc2138f2e6a1469321ad308b0b9a4e4ab062bd6d19da041bb

  • SHA512

    afc68ee0f66389f0978f707c2f8ccc469fd9df0e82c7f317984cab5f4783ffc9f673a37edae2180e327dd23d8096d5d294769d13f8ac2baa3d28a38ee9b3ba6b

Score
10/10
echelonspywarestealersuricata

Malware Config

Targets

    • Target

      ExLoader_Installer.exe

    • Size

      6.9MB

    • MD5

      e379e32a7ebab69886a166b052085e48

    • SHA1

      2c91af7b4fe73dc260ac82d2b698a024ee1cd967

    • SHA256

      1d936ea9fb383d4cc2138f2e6a1469321ad308b0b9a4e4ab062bd6d19da041bb

    • SHA512

      afc68ee0f66389f0978f707c2f8ccc469fd9df0e82c7f317984cab5f4783ffc9f673a37edae2180e327dd23d8096d5d294769d13f8ac2baa3d28a38ee9b3ba6b

    Score
    10/10
    echelonspywarestealersuricata

    • Echelon

      Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.

      stealerspywareechelon

    • suricata: ET MALWARE Trojan Generic - POST To gate.php with no accept headers

      suricata: ET MALWARE Trojan Generic - POST To gate.php with no accept headers

      suricata

    • suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer

      suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer

      suricata

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks