echelon | 11d284da38a3e8a66b68d6d80dcb6d307f8c8fc263ef460e7860fdad4fc76f20 | Triage

Submit
Reports

Overview

overview

Static

static

11d284da38...20.exe

windows7-x64

11d284da38...20.exe

windows10-2004-x64

Resubmissions

24-11-2022 20:56

221124-zq55bshe78 10

24-11-2022 20:52

221124-zn5qsace3t 8

Sharing

General

Target

11d284da38a3e8a66b68d6d80dcb6d307f8c8fc263ef460e7860fdad4fc76f20
Size

2.3MB
Sample

221124-zq55bshe78
MD5

060eb923702159f7e6c52e7cc1ccb806
SHA1

01dd985cc05a78a34708168a0a3c679b26992177
SHA256

11d284da38a3e8a66b68d6d80dcb6d307f8c8fc263ef460e7860fdad4fc76f20
SHA512

306f8adea85d0dbe3df9b76c620fbd70dd4e1ba7ec8cacad4c2564f89be8e893c09e995304fca54da43c60da8697106463607d674b3f1d32d2dec1922b7f52f1
SSDEEP

49152:PHlfU0WtYPWn0mWZhjzXbJKMXKL1i9kjpPSaodI8WHVakO4mVSb+KuGLU:PN5ktELIBlPSpWROv/Ke

Score

10^/10

echelon spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

11d284da38a3e8a66b68d6d80dcb6d307f8c8fc263ef460e7860fdad4fc76f20.exe

Resource

win7-20220812-en

echelon spyware stealer

windows7-x64

14 signatures

60 seconds

Behavioral task

behavioral2

Sample

11d284da38a3e8a66b68d6d80dcb6d307f8c8fc263ef460e7860fdad4fc76f20.exe

Resource

win10v2004-20220812-en

echelon spyware stealer

windows10-2004-x64

8 signatures

60 seconds

Malware Config

Targets

- Target
  
  11d284da38a3e8a66b68d6d80dcb6d307f8c8fc263ef460e7860fdad4fc76f20
- Size
  
  2.3MB
- MD5
  
  060eb923702159f7e6c52e7cc1ccb806
- SHA1
  
  01dd985cc05a78a34708168a0a3c679b26992177
- SHA256
  
  11d284da38a3e8a66b68d6d80dcb6d307f8c8fc263ef460e7860fdad4fc76f20
- SHA512
  
  306f8adea85d0dbe3df9b76c620fbd70dd4e1ba7ec8cacad4c2564f89be8e893c09e995304fca54da43c60da8697106463607d674b3f1d32d2dec1922b7f52f1
- SSDEEP
  
  49152:PHlfU0WtYPWn0mWZhjzXbJKMXKL1i9kjpPSaodI8WHVakO4mVSb+KuGLU:PN5ktELIBlPSpWROv/Ke
Score

10^/10

echelon spyware stealer
- Echelon
  Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.
  stealer spyware echelon
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

echelonspywarestealer

behavioral2

echelonspywarestealer

© 2018-2024

Terms | Privacy