General
-
Target
9323e2a6cbf294a47ba3a632ac6d02c7ea0c0d49fbf6582befc574a700b43cea
-
Size
2.6MB
-
Sample
230408-hwwpeacc28
-
MD5
7615de772c95e664bd7cdb315205a143
-
SHA1
e5491ee6f2d7d63953d5ea601ef307d26188afaf
-
SHA256
9323e2a6cbf294a47ba3a632ac6d02c7ea0c0d49fbf6582befc574a700b43cea
-
SHA512
0b640cbca39b7955a1b724e6b2ec30a6d899d1401c670f0bfc4955b98797bce01fa1dd11c1777e57137f0c4e1e45022eabe1a430327759b1c48aa070d2b95334
-
SSDEEP
49152:sB41RPvlrEPdZp32cJ0nxoEXLlivMXfDVOwxlBxj6xIAX:G8PvEnzJhEXZGMXfDVhHBgIg
Static task
static1
Behavioral task
behavioral1
Sample
9323e2a6cbf294a47ba3a632ac6d02c7ea0c0d49fbf6582befc574a700b43cea.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
9323e2a6cbf294a47ba3a632ac6d02c7ea0c0d49fbf6582befc574a700b43cea.exe
Resource
win10v2004-20230220-en
Malware Config
Targets
-
Target
9323e2a6cbf294a47ba3a632ac6d02c7ea0c0d49fbf6582befc574a700b43cea
-
Score
10/10
-
Detects Echelon Stealer payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-