Overview

overview

10

Static

static

10

b4de3be826...40.exe

windows7-x64

10

b4de3be826...40.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b4de3be826cc5cbfcb56f0fb2afc683691a46083a6f3b15cc79ddc716633fb40.zip

  • Size

    1.2MB

  • Sample

    230329-tvfgksha47

  • MD5

    28651529aeab9e3e18863e4069c98f5f

  • SHA1

    26f0adddab66b93378cbe75b6272d08e9dd01bfd

  • SHA256

    83a299eef7ec3ed839ef8892b0d63fac6e38ab64fe4ca4ef293e090bf5e95e6c

  • SHA512

    c13e28d1b56e985a60227c357b7dacb54d7c9134b3a5a3e035aac5ef4eb294dd945867cd5885a679ffc244181d9aa1f9b5244e36e0b389a07a354a14b7a2a314

  • SSDEEP

    24576:Jdt9VtBEqkAi/YnzuU7JO331Tdy9e55zgeaT/naTkiny+g4aD5Eq5YNi:J5BEDAi/YnSH1TdH5zsaTkin1g46Vb

Score
10/10
echelonspywarestealer

Malware Config

Targets

    • Target

      b4de3be826cc5cbfcb56f0fb2afc683691a46083a6f3b15cc79ddc716633fb40

    • Size

      1.5MB

    • MD5

      9ec7eeab9d88c1dca684b1c619c78861

    • SHA1

      921c158f3b40f25a58e78b6154d8c9a482563d88

    • SHA256

      b4de3be826cc5cbfcb56f0fb2afc683691a46083a6f3b15cc79ddc716633fb40

    • SHA512

      4817dc4406adcc0a47aeaad62120862f62c58425e0790fed01e41dbe2f3be51febdce958355184b7984274befff884eeab26a5113363c5ae5037e4d03e580e04

    • SSDEEP

      24576:pqvk70TrcnXpatsCu7IfLKZnikPhhUF54clNf7+6uHAW92zt/sWu2BSMCqDoRf:wkQTA5Qw7CSikJo54clgLH+tkWJ0NR

    Score
    10/10
    echelonspywarestealer

    • Detects Echelon Stealer payload

    • Echelon

      Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.

      stealerspywareechelon

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks