echelon | a6127104ba331a8430306cacf11298af4d754a3c1991e170f38dd742a9f816d2 | Triage

Submit
Reports

Overview

overview

Static

static

a6127104ba...d2.exe

windows7_x64

a6127104ba...d2.exe

windows10-2004_x64

Sharing

General

Target

a6127104ba331a8430306cacf11298af4d754a3c1991e170f38dd742a9f816d2
Size

1.8MB
Sample

220309-q8wtyabgbj
MD5

07f3f1699ca50451845d7704456f85bd
SHA1

e6f4fb512f3dfe5f53181d9b38f12b75b454dba7
SHA256

a6127104ba331a8430306cacf11298af4d754a3c1991e170f38dd742a9f816d2
SHA512

547feed44c7529de9f22967ee2942a0bcec03faaa75853cb336d7fc8564fd1d77fc7800dcf5a508546819413aca58c8b826857ae02835b9a432d655adbff31e2

Score

10^/10

echelon collection discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

a6127104ba331a8430306cacf11298af4d754a3c1991e170f38dd742a9f816d2.exe

Resource

win7-20220223-en

echelon collection discovery spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

a6127104ba331a8430306cacf11298af4d754a3c1991e170f38dd742a9f816d2.exe

Resource

win10v2004-en-20220113

echelon spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  a6127104ba331a8430306cacf11298af4d754a3c1991e170f38dd742a9f816d2
- Size
  
  1.8MB
- MD5
  
  07f3f1699ca50451845d7704456f85bd
- SHA1
  
  e6f4fb512f3dfe5f53181d9b38f12b75b454dba7
- SHA256
  
  a6127104ba331a8430306cacf11298af4d754a3c1991e170f38dd742a9f816d2
- SHA512
  
  547feed44c7529de9f22967ee2942a0bcec03faaa75853cb336d7fc8564fd1d77fc7800dcf5a508546819413aca58c8b826857ae02835b9a432d655adbff31e2
Score

10^/10

echelon collection discovery spyware stealer
- Echelon
  Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.
  stealer spyware echelon
- Echelon log file
  Detects a log file produced by Echelon.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

echeloncollectiondiscoveryspywarestealer

behavioral2

echelonspywarestealer

© 2018-2024

Terms | Privacy