echelon | 4a0f711887436496355320a602ea4141f5fceed48cb960e638d9daaee70dd077 | Triage

Submit
Reports

Overview

overview

Static

static

BB483E0CB2...11.exe

windows7_x64

BB483E0CB2...11.exe

windows10_x64

Sharing

General

Target

BB483E0CB23EAF8FAAA78E28B5899211.exe
Size

2.5MB
Sample

211114-hgcyragab2
MD5

bb483e0cb23eaf8faaa78e28b5899211
SHA1

80d17f4bb56fd99c557fbe72debe057bbf54c7f9
SHA256

4a0f711887436496355320a602ea4141f5fceed48cb960e638d9daaee70dd077
SHA512

be11b7de917665c1c9f993025e1960f95c3dd03c7ce8146bdc5b4038efbd9a52104780681fdaf6f3d70be8f7c717eeabafb964364b422ed15b4e9add79cc754f

Score

10^/10

echelon njrat redline @xxtrez hacked evasion infostealer persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

BB483E0CB23EAF8FAAA78E28B5899211.exe

Resource

win7-en-20211104

njrat redline hacked evasion infostealer persistence trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

BB483E0CB23EAF8FAAA78E28B5899211.exe

Resource

win10-en-20211104

echelon njrat redline @xxtrez hacked evasion infostealer persistence spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

0.tcp.ngrok.io:11722

Mutex

aadcb7aa3c0523a52c6ea2a71565f2d7

Attributes

reg_key
aadcb7aa3c0523a52c6ea2a71565f2d7
splitter
|'|'|

Extracted

Family

redline

Botnet

@xxtrez

C2

178.20.41.235:41993

Targets

- Target
  
  BB483E0CB23EAF8FAAA78E28B5899211.exe
- Size
  
  2.5MB
- MD5
  
  bb483e0cb23eaf8faaa78e28b5899211
- SHA1
  
  80d17f4bb56fd99c557fbe72debe057bbf54c7f9
- SHA256
  
  4a0f711887436496355320a602ea4141f5fceed48cb960e638d9daaee70dd077
- SHA512
  
  be11b7de917665c1c9f993025e1960f95c3dd03c7ce8146bdc5b4038efbd9a52104780681fdaf6f3d70be8f7c717eeabafb964364b422ed15b4e9add79cc754f
Score

10^/10

njrat redline hacked evasion infostealer persistence trojan echelon @xxtrez spyware stealer
- Echelon
  Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.
  stealer spyware echelon
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratredlinehackedevasioninfostealerpersistencetrojan

behavioral2

echelonnjratredline@xxtrezhackedevasioninfostealerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy