General

  • Target

    ca1a48eeed8567de43d4d1acf386b604273ea2a62e3fd499dfb5e91e7ce22f50

  • Size

    2.7MB

  • Sample

    220326-ybyk9sdacr

  • MD5

    945e6f800ad1f19f4bc834fdb47d7866

  • SHA1

    704fe39f66ac3f63d35cf9f920cfeb235bc68052

  • SHA256

    ca1a48eeed8567de43d4d1acf386b604273ea2a62e3fd499dfb5e91e7ce22f50

  • SHA512

    59e978e408385033d2c16440c15b2a54b24f4aedecc5e235fca8d6981fa3eff0525137a5ea910cf8173b53958ffd2d29c1452bd530eb5d65952fbc9c34876db7

Targets

    • Echelon

      Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.

    • Echelon log file

      Detects a log file produced by Echelon.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

Tasks