General
-
Target
test.exe
-
Size
35.9MB
-
Sample
220720-q81swsgbfj
-
MD5
1aa9acffe0e10bbb240e0dfa07936d38
-
SHA1
f0624cc7588dd3d8cb0a5f618afa518097aabb69
-
SHA256
950a2d9a7a0f39f9ab008c76c96e9fc8a93a0eefa5031d0aa01453657df07c18
-
SHA512
cd89eb5ab041a81f77f015b13485010b105704fc04125177c7045c950a4c40759a1f5359ec2e1f590bb8ee493e7b7f04e84f362c232953de6bbb32a386841b55
Malware Config
Targets
-
-
Target
test.exe
-
Size
35.9MB
-
MD5
1aa9acffe0e10bbb240e0dfa07936d38
-
SHA1
f0624cc7588dd3d8cb0a5f618afa518097aabb69
-
SHA256
950a2d9a7a0f39f9ab008c76c96e9fc8a93a0eefa5031d0aa01453657df07c18
-
SHA512
cd89eb5ab041a81f77f015b13485010b105704fc04125177c7045c950a4c40759a1f5359ec2e1f590bb8ee493e7b7f04e84f362c232953de6bbb32a386841b55
Score10/10-
Echelon
Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-