echelon | d1fc6ef80db233abf776e6ef42d32ff1bdec24e9a2db777207b5cf4cecf782ff | Triage

Sharing

General

Target

d1fc6ef80db233abf776e6ef42d32ff1bdec24e9a2db777207b5cf4cecf782ff
Size

1.3MB
Sample

230129-y6lj7ade3x
MD5

9b046bf25f8f64c3a3d851a7e343fb2d
SHA1

6312a40d8a8d476087c3f1a5d5912380c8e43e13
SHA256

d1fc6ef80db233abf776e6ef42d32ff1bdec24e9a2db777207b5cf4cecf782ff
SHA512

fb19adb6282950c994644b8bab5b5e528a616ffede3014010f26205481945a594513410d47b65aacc631457cc6fc93ceaa006fd3e0febd2f32e7d38d579ad1cd
SSDEEP

24576:E0+NXeSCFGn4KVFz60xSa3ZbvdZpKuArpXp7A8Xrg1AX+Xmsb0gIBEkF+Pk+xE:E0+NJCFG4Kzz6MSAbvtKbj7H0g7jgwEw

Score

10^/10

echelon spyware stealer

Malware Config

Targets

- Target
  
  d1fc6ef80db233abf776e6ef42d32ff1bdec24e9a2db777207b5cf4cecf782ff
- Size
  
  1.3MB
- MD5
  
  9b046bf25f8f64c3a3d851a7e343fb2d
- SHA1
  
  6312a40d8a8d476087c3f1a5d5912380c8e43e13
- SHA256
  
  d1fc6ef80db233abf776e6ef42d32ff1bdec24e9a2db777207b5cf4cecf782ff
- SHA512
  
  fb19adb6282950c994644b8bab5b5e528a616ffede3014010f26205481945a594513410d47b65aacc631457cc6fc93ceaa006fd3e0febd2f32e7d38d579ad1cd
- SSDEEP
  
  24576:E0+NXeSCFGn4KVFz60xSa3ZbvdZpKuArpXp7A8Xrg1AX+Xmsb0gIBEkF+Pk+xE:E0+NJCFG4Kzz6MSAbvtKbj7H0g7jgwEw
Score

10^/10

echelon spyware stealer
- Echelon
  Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.
  stealer spyware echelon
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

echelonspywarestealer