General

  • Target

    ca1a48eeed8567de43d4d1acf386b604273ea2a62e3fd499dfb5e91e7ce22f50

  • Size

    2MB

  • Sample

    220326-ybyk9sdacr

  • MD5

    945e6f800ad1f19f4bc834fdb47d7866

  • SHA1

    704fe39f66ac3f63d35cf9f920cfeb235bc68052

  • SHA256

    ca1a48eeed8567de43d4d1acf386b604273ea2a62e3fd499dfb5e91e7ce22f50

  • SHA512

    59e978e408385033d2c16440c15b2a54b24f4aedecc5e235fca8d6981fa3eff0525137a5ea910cf8173b53958ffd2d29c1452bd530eb5d65952fbc9c34876db7

Malware Config

Targets

    • Target

      ca1a48eeed8567de43d4d1acf386b604273ea2a62e3fd499dfb5e91e7ce22f50

    • Size

      2MB

    • MD5

      945e6f800ad1f19f4bc834fdb47d7866

    • SHA1

      704fe39f66ac3f63d35cf9f920cfeb235bc68052

    • SHA256

      ca1a48eeed8567de43d4d1acf386b604273ea2a62e3fd499dfb5e91e7ce22f50

    • SHA512

      59e978e408385033d2c16440c15b2a54b24f4aedecc5e235fca8d6981fa3eff0525137a5ea910cf8173b53958ffd2d29c1452bd530eb5d65952fbc9c34876db7

    • Echelon

      Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.

    • Echelon log file

      Detects a log file produced by Echelon.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Collection

Email Collection

1
T1114

Tasks