General

  • Target

    42c949896f36865721df77ceb.bin

  • Size

    339KB

  • Sample

    230630-nyfzmahb87

  • MD5

    4748a2ba82d7978c1c5b82131bc38f39

  • SHA1

    a446ca3728add03317ab850542c6c7c64fc160e0

  • SHA256

    5c02b6ab9aa997caf55abe19e5123f5c7531ba58f3cb74ef01e18d278ff9aadd

  • SHA512

    0b9fd5c554e450550a16f26bc0669a7c8e1b9561c00c771ad28ed9b19153f3e1f7152767b0db45c6fa2bbabd94eb0562e0303bd5ee071b6b8fadd4788c476052

  • SSDEEP

    6144:X0ZL49nGuW6eqjr+1r9Ulpw1gcfa9y2YSX4PH64M/tHsRGi6ZaiGZnKtXMNH:Xus9nGrs+16lpwu6b3SUxiKio


Targets

    • Target

      f9f1b8511b6a2f81a35a80fff4880d38fa00c30b10ebb5aecccbfcfb1ff086af.exe

    • Size

      592KB

    • MD5

      42c949896f36865721df77cebebd9705

    • SHA1

      2c9fd967cd744340f133ab997280c62c6d1bd2a2

    • SHA256

      f9f1b8511b6a2f81a35a80fff4880d38fa00c30b10ebb5aecccbfcfb1ff086af

    • SHA512

      f3db8c7c6cd8672c2dd1c5716c75438e5c59706849caaa40453f26bb00da034d4cb44f3e15775679998d575bf15eddcce15c16f405fdc87b568a6705826ada79

    • SSDEEP

      12288:LeI8SoKDZLJLUf9snBS4csPYae6qfzqAA:9oKDhhUF54clNf7qB

    • Detects Echelon Stealer payload

    • Echelon

      Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive account information.

    • Accesses Microsoft Outlook profiles

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic              Technique                 ID      Count
  Credential Access   Credentials in Files      T1081   2
  Discovery           Query Registry            T1012   1
  Collection          Data from Local System    T1005   2
  Collection          Email Collection          T1114   1
