General
-
Target
f6fdbda19458f6eb1380e0e0aaaaf979c49221c4c2a0255d9f78cb9112bdb239
-
Size
786KB
-
Sample
220415-ljsc1afgbm
-
MD5
7c9d76a439b166b02a57b7844f3eaf8b
-
SHA1
3fd3ab56d920cd366ef709f227261efe8c843582
-
SHA256
f6fdbda19458f6eb1380e0e0aaaaf979c49221c4c2a0255d9f78cb9112bdb239
-
SHA512
048bcbd394b053b2f61c544ab98b25da965c64820dbbf09c7aebf9201086cf530e106d6d458818c9e858f48d85df810c31fa5bd765825d05168818e5ef15f2fe
Static task
static1
Behavioral task
behavioral1
Sample
f6fdbda19458f6eb1380e0e0aaaaf979c49221c4c2a0255d9f78cb9112bdb239.exe
Resource
win7-20220414-en
Malware Config
Targets
-
suricata: ET MALWARE Observed Malicious SSL Cert (Moist Stealer CnC)
-
suricata: ET MALWARE Trojan Generic - POST To gate.php with no accept headers
-
suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext