Overview

overview

10

Static

static

Lucky Fixed.exe

windows7_x64

8

Lucky Fixed.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Lucky Fixed.bin

  • Size

    1.5MB

  • Sample

    220711-plk89abdb8

  • MD5

    02346b31c94a650a16dea1a262db5153

  • SHA1

    a301b0d05d01a35b6e893d3d2ebe9bf8985ae434

  • SHA256

    2da5d10cdba79d8a8153eaf7ab3d4aad3afaf14c6d9098f7720858c61910948c

  • SHA512

    1b6bd5adc407829ffbfadea6e4d37b0b21baaac926fd909ed9fe0c7084a2f432df11a2640dd6423cff9a8beb0b4e11b272c2a02f48f75b64dc25f8b109838c9a

Score
10/10
echelonspywarestealer

Malware Config

Targets

    • Target

      Lucky Fixed.bin

    • Size

      1.5MB

    • MD5

      02346b31c94a650a16dea1a262db5153

    • SHA1

      a301b0d05d01a35b6e893d3d2ebe9bf8985ae434

    • SHA256

      2da5d10cdba79d8a8153eaf7ab3d4aad3afaf14c6d9098f7720858c61910948c

    • SHA512

      1b6bd5adc407829ffbfadea6e4d37b0b21baaac926fd909ed9fe0c7084a2f432df11a2640dd6423cff9a8beb0b4e11b272c2a02f48f75b64dc25f8b109838c9a

    Score
    10/10
    spywarestealerechelon

    • Echelon

      Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.

      stealerspywareechelon

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks