echelon | 1ec0a7cf579b43db873c885bb6fcee2e082ef92fe423372acec2cab9bd9040c0 | Triage

Submit
Reports

Overview

overview

Static

static

исходник.exe

windows7_x64

6

исходник.exe

windows10_x64

Sharing

General

Target

исходник.exe
Size

2.6MB
Sample

220127-vd64msgafn
MD5

cb267c252a42ed8e1de90463e2ab4013
SHA1

fcfc74cfc893c4b454cfcc190a51fc9e9b6b265b
SHA256

1ec0a7cf579b43db873c885bb6fcee2e082ef92fe423372acec2cab9bd9040c0
SHA512

ece505a79a2e2b84b731ece8024e37f4da579f6af1555ad6ae2088c5fe4c5884819e64a4ca7b42fcee464912179e88a9782566cf5f2ff18f9bf63121e5045b01

Score

10^/10

echelon redline sapphire infostealer spyware stealer suricata

Static task

static1

Behavioral task

behavioral1

Sample

исходник.exe

Resource

win7-en-20211208

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

исходник.exe

Resource

win10-en-20211208

echelon redline sapphire infostealer spyware stealer suricata

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

sapphire

C2

185.230.143.237:2548

Targets

- Target
  
  исходник.exe
- Size
  
  2.6MB
- MD5
  
  cb267c252a42ed8e1de90463e2ab4013
- SHA1
  
  fcfc74cfc893c4b454cfcc190a51fc9e9b6b265b
- SHA256
  
  1ec0a7cf579b43db873c885bb6fcee2e082ef92fe423372acec2cab9bd9040c0
- SHA512
  
  ece505a79a2e2b84b731ece8024e37f4da579f6af1555ad6ae2088c5fe4c5884819e64a4ca7b42fcee464912179e88a9782566cf5f2ff18f9bf63121e5045b01
Score

10^/10

echelon redline sapphire infostealer spyware stealer suricata
- Echelon
  Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.
  stealer spyware echelon
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- suricata: ET MALWARE Trojan Generic - POST To gate.php with no accept headers
  suricata: ET MALWARE Trojan Generic - POST To gate.php with no accept headers
  suricata
- suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer
  suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer
  suricata
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

echelonredlinesapphireinfostealerspywarestealersuricata

© 2018-2024

Terms | Privacy