echelon | eaee3b7f33e680cfebcac7634b0ea0aaefac8564bc50603cb90669a43d89a29e | Triage

Submit
Reports

Overview

overview

Static

static

NordVPNSetup.exe

windows7_x64

NordVPNSetup.exe

windows10_x64

Sharing

General

Target

NordVPNSetup.exe
Size

1.1MB
Sample

210907-g6ps6sfcem
MD5

1b01af0b820d4c8d3ebe3723cfefc5f8
SHA1

32e5ee49475a930da2ffe199be41e7b639d1ae1b
SHA256

eaee3b7f33e680cfebcac7634b0ea0aaefac8564bc50603cb90669a43d89a29e
SHA512

f27f2ae8bc047cf392d4823898353901b83733a127c750adad4574c82e8371174666144b21938462f152a7be295143041adc3a43f8b05f4fb46ffbd7394445ae

Score

10^/10

echelon discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

NordVPNSetup.exe

Resource

win7-en

echelon discovery spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

NordVPNSetup.exe

Resource

win10v20210408

echelon discovery spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  NordVPNSetup.exe
- Size
  
  1.1MB
- MD5
  
  1b01af0b820d4c8d3ebe3723cfefc5f8
- SHA1
  
  32e5ee49475a930da2ffe199be41e7b639d1ae1b
- SHA256
  
  eaee3b7f33e680cfebcac7634b0ea0aaefac8564bc50603cb90669a43d89a29e
- SHA512
  
  f27f2ae8bc047cf392d4823898353901b83733a127c750adad4574c82e8371174666144b21938462f152a7be295143041adc3a43f8b05f4fb46ffbd7394445ae
Score

10^/10

echelon discovery spyware stealer
- Echelon
  Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.
  stealer spyware echelon
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

echelondiscoveryspywarestealer

behavioral2

echelondiscoveryspywarestealer

© 2018-2024

Terms | Privacy