echelon | 8a7bd81348d196411870662f20f8070ebc068ee21de4cbae342ea44da41da0bc | Triage

Submit
Reports

Overview

overview

Static

static

1

dridex

windows10-2004-x64

Sharing

General

Target

8a7bd81348d196411870662f20f8070ebc068ee21de4cbae342ea44da41da0bc
Size

277KB
Sample

230324-1ggaaabf6z
MD5

0ae23cd6bb94954011e39d65cd859740
SHA1

53b9b06b65c708eff41deb34d221563ac77453fa
SHA256

8a7bd81348d196411870662f20f8070ebc068ee21de4cbae342ea44da41da0bc
SHA512

e913898913e49cb170fde0cbee257fd2af0fb9d931daeeb3d8902b44b14e7ab6ee30d8dc118ff95e5bc2f8f6e827fa0abb94a8d351c3b075c5f1431f268083a8
SSDEEP

3072:exlPvo2dcvcCN75ABlfTynGydZxALCyFI1VENsRyWf8Ml7sWYu0ZWnMWN8aeeL:e9gVZaTynKCGI0HWf8SYWY6Mva

Score

10^/10

echelon raccoon smokeloader b68788975ed4f9b62a22d17711a68c8f sprg backdoor persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

8a7bd81348d196411870662f20f8070ebc068ee21de4cbae342ea44da41da0bc.exe

Resource

win10v2004-20230220-en

echelon raccoon smokeloader b68788975ed4f9b62a22d17711a68c8f sprg backdoor persistence spyware stealer trojan

windows10-2004-x64

21 signatures

150 seconds

Malware Config

Extracted

Family

smokeloader

Botnet

sprg

Extracted

Family

smokeloader

Version

2022

C2

http://hoh0aeghwugh2gie.com/

http://hie7doodohpae4na.com/

http://aek0aicifaloh1yo.com/

http://yic0oosaeiy7ahng.com/

http://wa5zu7sekai8xeih.com/

rc4.i32

rc4.i32

Extracted

Family

raccoon

Botnet

b68788975ed4f9b62a22d17711a68c8f

C2

http://185.106.92.151

http://185.106.92.27

rc4.plain

Targets

- Target
  
  8a7bd81348d196411870662f20f8070ebc068ee21de4cbae342ea44da41da0bc
- Size
  
  277KB
- MD5
  
  0ae23cd6bb94954011e39d65cd859740
- SHA1
  
  53b9b06b65c708eff41deb34d221563ac77453fa
- SHA256
  
  8a7bd81348d196411870662f20f8070ebc068ee21de4cbae342ea44da41da0bc
- SHA512
  
  e913898913e49cb170fde0cbee257fd2af0fb9d931daeeb3d8902b44b14e7ab6ee30d8dc118ff95e5bc2f8f6e827fa0abb94a8d351c3b075c5f1431f268083a8
- SSDEEP
  
  3072:exlPvo2dcvcCN75ABlfTynGydZxALCyFI1VENsRyWf8Ml7sWYu0ZWnMWN8aeeL:e9gVZaTynKCGI0HWf8SYWY6Mva
Score

10^/10

echelon raccoon smokeloader b68788975ed4f9b62a22d17711a68c8f sprg backdoor persistence spyware stealer trojan
- Detects Echelon Stealer payload
- Echelon
  Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.
  stealer spyware echelon
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

echelonraccoonsmokeloaderb68788975ed4f9b62a22d17711a68c8fsprgbackdoorpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy