echelon | hxxps://dropmefiles[.]com/brqGr | Triage

Submit
Reports

Overview

overview

Static

static

URLScan

urlscan

https://dropmefiles....

windows10_x64

Sharing

General

Target

https://dropmefiles.com/brqGr
Sample

211127-k15h8ahgem

Score

10^/10

echelon spyware stealer suricata vmprotect

Static task

static1

URLScan task

urlscan1

Sample

https://dropmefiles.com/brqGr

Behavioral task

behavioral1

Sample

https://dropmefiles.com/brqGr

Resource

win10-en-20211104

echelon spyware stealer suricata vmprotect

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  https://dropmefiles.com/brqGr
Score

10^/10

echelon spyware stealer suricata vmprotect
- Echelon
  Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.
  stealer spyware echelon
- suricata: ET MALWARE Trojan Generic - POST To gate.php with no accept headers
  suricata: ET MALWARE Trojan Generic - POST To gate.php with no accept headers
  suricata
- suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer
  suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer
  suricata
- Executes dropped EXE
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

urlscan1

behavioral1

echelonspywarestealersuricatavmprotect

© 2018-2024

Terms | Privacy