echelon | b4de3be826cc5cbfcb56f0fb2afc683691a46083a6f3b15cc79ddc716633fb40[.]zip

General

Target

b4de3be826cc5cbfcb56f0fb2afc683691a46083a6f3b15cc79ddc716633fb40.zip
Size

1.2MB
MD5

28651529aeab9e3e18863e4069c98f5f
SHA1

26f0adddab66b93378cbe75b6272d08e9dd01bfd
SHA256

83a299eef7ec3ed839ef8892b0d63fac6e38ab64fe4ca4ef293e090bf5e95e6c
SHA512

c13e28d1b56e985a60227c357b7dacb54d7c9134b3a5a3e035aac5ef4eb294dd945867cd5885a679ffc244181d9aa1f9b5244e36e0b389a07a354a14b7a2a314
SSDEEP

24576:Jdt9VtBEqkAi/YnzuU7JO331Tdy9e55zgeaT/naTkiny+g4aD5Eq5YNi:J5BEDAi/YnSH1TdH5zsaTkin1g46Vb

Score

10^/10

echelon

Detects Echelon Stealer payload 1 IoCs

resource	yara_rule
static1/unpack001/b4de3be826cc5cbfcb56f0fb2afc683691a46083a6f3b15cc79ddc716633fb40	family_echelon

b4de3be826cc5cbfcb56f0fb2afc683691a46083a6f3b15cc79ddc716633fb40.zip
.zip

Password: infected
b4de3be826cc5cbfcb56f0fb2afc683691a46083a6f3b15cc79ddc716633fb40
.exe windows x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ