echelon | 2fcead4dde3efc15cfa2a1acd887d36535b97eada854a189324dc65013e406b8 | Triage

Submit
Reports

Overview

overview

Static

static

2fcead4dde...b8.exe

windows7_x64

2fcead4dde...b8.exe

windows10_x64

Sharing

General

Target

2fcead4dde3efc15cfa2a1acd887d36535b97eada854a189324dc65013e406b8
Size

1.5MB
Sample

220131-d8gzkafba4
MD5

42b7ad9f68861217fa003d3154c0d779
SHA1

7574bc07cfb34148fca3e18c87c64554a7b8529a
SHA256

2fcead4dde3efc15cfa2a1acd887d36535b97eada854a189324dc65013e406b8
SHA512

d457fd41ebf63fa24959fadd5be4600da790b43025025163d620e662e219086c265545494bc0fd40eb71463e64af0f651f1fe9509a40ce67fac625f98e20cb53

Score

10^/10

echelon collection discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

2fcead4dde3efc15cfa2a1acd887d36535b97eada854a189324dc65013e406b8.exe

Resource

win7-en-20211208

echelon collection discovery spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

2fcead4dde3efc15cfa2a1acd887d36535b97eada854a189324dc65013e406b8.exe

Resource

win10-en-20211208

echelon collection discovery spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  2fcead4dde3efc15cfa2a1acd887d36535b97eada854a189324dc65013e406b8
- Size
  
  1.5MB
- MD5
  
  42b7ad9f68861217fa003d3154c0d779
- SHA1
  
  7574bc07cfb34148fca3e18c87c64554a7b8529a
- SHA256
  
  2fcead4dde3efc15cfa2a1acd887d36535b97eada854a189324dc65013e406b8
- SHA512
  
  d457fd41ebf63fa24959fadd5be4600da790b43025025163d620e662e219086c265545494bc0fd40eb71463e64af0f651f1fe9509a40ce67fac625f98e20cb53
Score

10^/10

echelon collection discovery spyware stealer
- Echelon
  Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.
  stealer spyware echelon
- Echelon log file
  Detects a log file produced by Echelon.
- Deletes itself
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

echeloncollectiondiscoveryspywarestealer

behavioral2

echeloncollectiondiscoveryspywarestealer

© 2018-2024

Terms | Privacy