echelon | 83a299eef7ec3ed839ef8892b0d63fac6e38ab64fe4ca4ef293e090bf5e95e6c | Triage

Submit
Reports

Overview

overview

Static

static

b4de3be826...40.exe

windows7-x64

b4de3be826...40.exe

windows10-2004-x64

Sharing

General

Target

b4de3be826cc5cbfcb56f0fb2afc683691a46083a6f3b15cc79ddc716633fb40.zip
Size

1.2MB
Sample

230329-tvfgksha47
MD5

28651529aeab9e3e18863e4069c98f5f
SHA1

26f0adddab66b93378cbe75b6272d08e9dd01bfd
SHA256

83a299eef7ec3ed839ef8892b0d63fac6e38ab64fe4ca4ef293e090bf5e95e6c
SHA512

c13e28d1b56e985a60227c357b7dacb54d7c9134b3a5a3e035aac5ef4eb294dd945867cd5885a679ffc244181d9aa1f9b5244e36e0b389a07a354a14b7a2a314
SSDEEP

24576:Jdt9VtBEqkAi/YnzuU7JO331Tdy9e55zgeaT/naTkiny+g4aD5Eq5YNi:J5BEDAi/YnSH1TdH5zsaTkin1g46Vb

Score

10^/10

echelon spyware stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

b4de3be826cc5cbfcb56f0fb2afc683691a46083a6f3b15cc79ddc716633fb40.exe

Resource

win7-20230220-en

echelon spyware stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

b4de3be826cc5cbfcb56f0fb2afc683691a46083a6f3b15cc79ddc716633fb40.exe

Resource

win10v2004-20230220-en

echelon spyware stealer

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  b4de3be826cc5cbfcb56f0fb2afc683691a46083a6f3b15cc79ddc716633fb40
- Size
  
  1.5MB
- MD5
  
  9ec7eeab9d88c1dca684b1c619c78861
- SHA1
  
  921c158f3b40f25a58e78b6154d8c9a482563d88
- SHA256
  
  b4de3be826cc5cbfcb56f0fb2afc683691a46083a6f3b15cc79ddc716633fb40
- SHA512
  
  4817dc4406adcc0a47aeaad62120862f62c58425e0790fed01e41dbe2f3be51febdce958355184b7984274befff884eeab26a5113363c5ae5037e4d03e580e04
- SSDEEP
  
  24576:pqvk70TrcnXpatsCu7IfLKZnikPhhUF54clNf7+6uHAW92zt/sWu2BSMCqDoRf:wkQTA5Qw7CSikJo54clgLH+tkWJ0NR
Score

10^/10

echelon spyware stealer
- Detects Echelon Stealer payload
- Echelon
  Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.
  stealer spyware echelon
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

echelonspywarestealer

behavioral2

echelonspywarestealer

© 2018-2024

Terms | Privacy