echelon | 54ea2a61aa910b1286c4edaea7e386f98fd69bdd3b9b70917e5f90a87fb7af6b | Triage

Submit
Reports

Overview

overview

Static

static

54ea2a61aa...6b.exe

windows7_x64

54ea2a61aa...6b.exe

windows10-2004_x64

Sharing

General

Target

54ea2a61aa910b1286c4edaea7e386f98fd69bdd3b9b70917e5f90a87fb7af6b
Size

1.4MB
Sample

220309-r61wjscccj
MD5

96127d9e1b2cb73d2c730948a775b392
SHA1

79984d083c2f2f068c1cd95a83098b86bed49016
SHA256

54ea2a61aa910b1286c4edaea7e386f98fd69bdd3b9b70917e5f90a87fb7af6b
SHA512

3d9e99b0150f0c0f39108a7ccc45af3736917b7368212b36bf14b4a59c83485ede0cac25bc764ecca72ae72fbf39624f6d6a8bedb65ce2cae73574b617db04c9

Score

10^/10

echelon collection discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

54ea2a61aa910b1286c4edaea7e386f98fd69bdd3b9b70917e5f90a87fb7af6b.exe

Resource

win7-en-20211208

echelon collection discovery spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

54ea2a61aa910b1286c4edaea7e386f98fd69bdd3b9b70917e5f90a87fb7af6b.exe

Resource

win10v2004-en-20220113

echelon collection discovery spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  54ea2a61aa910b1286c4edaea7e386f98fd69bdd3b9b70917e5f90a87fb7af6b
- Size
  
  1.4MB
- MD5
  
  96127d9e1b2cb73d2c730948a775b392
- SHA1
  
  79984d083c2f2f068c1cd95a83098b86bed49016
- SHA256
  
  54ea2a61aa910b1286c4edaea7e386f98fd69bdd3b9b70917e5f90a87fb7af6b
- SHA512
  
  3d9e99b0150f0c0f39108a7ccc45af3736917b7368212b36bf14b4a59c83485ede0cac25bc764ecca72ae72fbf39624f6d6a8bedb65ce2cae73574b617db04c9
Score

10^/10

echelon collection discovery spyware stealer
- Echelon
  Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.
  stealer spyware echelon
- Echelon log file
  Detects a log file produced by Echelon.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

echeloncollectiondiscoveryspywarestealer

behavioral2

echeloncollectiondiscoveryspywarestealer

© 2018-2024

Terms | Privacy