echelon | 12fddd87e81d0e3b6f62f79af43a483528ae278c0f555ced9ab27d6ba9441125 | Triage

Submit
Reports

Overview

overview

Static

static

1

aace25e181...in.exe

windows7-x64

aace25e181...in.exe

windows10-2004-x64

Sharing

General

Target

aace25e181c08dbc3348e22f8864b82d.bin.exe
Size

1.6MB
Sample

230314-sdvz9sgb37
MD5

aace25e181c08dbc3348e22f8864b82d
SHA1

6c389364ebbc56bd7ec38a9b9b35dfd6347844e2
SHA256

12fddd87e81d0e3b6f62f79af43a483528ae278c0f555ced9ab27d6ba9441125
SHA512

2ce883b342d26564b011bc5a365317a76201e7bd8977498d5d88f4343e5715f7a72540b9f7fd0c6c820285e906afa0f48662316d1c00ae9c30cd6f7f72b9c534
SSDEEP

12288:mKWa6AbsDI0slfH/1G02NVjA7HcHQCrZYyyvSoDPs0rYGnjMevnb880ymljs:fPs4diQcwCruyyjsKIonHToj

Score

10^/10

echelon collection spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

aace25e181c08dbc3348e22f8864b82d.bin.exe

Resource

win7-20230220-en

echelon spyware stealer

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

aace25e181c08dbc3348e22f8864b82d.bin.exe

Resource

win10v2004-20230220-en

echelon collection spyware stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  aace25e181c08dbc3348e22f8864b82d.bin.exe
- Size
  
  1.6MB
- MD5
  
  aace25e181c08dbc3348e22f8864b82d
- SHA1
  
  6c389364ebbc56bd7ec38a9b9b35dfd6347844e2
- SHA256
  
  12fddd87e81d0e3b6f62f79af43a483528ae278c0f555ced9ab27d6ba9441125
- SHA512
  
  2ce883b342d26564b011bc5a365317a76201e7bd8977498d5d88f4343e5715f7a72540b9f7fd0c6c820285e906afa0f48662316d1c00ae9c30cd6f7f72b9c534
- SSDEEP
  
  12288:mKWa6AbsDI0slfH/1G02NVjA7HcHQCrZYyyvSoDPs0rYGnjMevnb880ymljs:fPs4diQcwCruyyjsKIonHToj
Score

10^/10

echelon spyware stealer collection
- Detects Echelon Stealer payload
- Echelon
  Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.
  stealer spyware echelon
- Accesses Microsoft Outlook profiles
  collection
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

echelonspywarestealer

behavioral2

echeloncollectionspywarestealer

© 2018-2024

Terms | Privacy