echelon | e29d997a018fcaed3a5d6296b72d9845c899a5211aeeafad8762869c906447b8 | Triage

Submit
Reports

Overview

overview

Static

static

91e732fa9b...0e.exe

windows7-x64

91e732fa9b...0e.exe

windows10-2004-x64

Sharing

General

Target

91e732fa9ba5234e1978aac4b4a59a0e
Size

631KB
Sample

231219-y3v98acffj
MD5

91e732fa9ba5234e1978aac4b4a59a0e
SHA1

fb87bfff59f2ccddd3830a70b2d581532be3f3aa
SHA256

e29d997a018fcaed3a5d6296b72d9845c899a5211aeeafad8762869c906447b8
SHA512

76fe05dcf0dea26a5210dd92c1ae3c357f43f5c170642e99a50d3c7b412d25d1518a958960e25230fb6c055100159f29c080fb354f2cbe93a805ba419fb01976
SSDEEP

12288:q+khQMwkEo9EtZLJLUf9snBS4csPYae6qfzAAA:q+khQMlEthhUF54clNf7AB

Score

10^/10

echelon spyware stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

91e732fa9ba5234e1978aac4b4a59a0e.exe

Resource

win7-20231215-en

echelon spyware stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

91e732fa9ba5234e1978aac4b4a59a0e.exe

Resource

win10v2004-20231215-en

echelon spyware stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  91e732fa9ba5234e1978aac4b4a59a0e
- Size
  
  631KB
- MD5
  
  91e732fa9ba5234e1978aac4b4a59a0e
- SHA1
  
  fb87bfff59f2ccddd3830a70b2d581532be3f3aa
- SHA256
  
  e29d997a018fcaed3a5d6296b72d9845c899a5211aeeafad8762869c906447b8
- SHA512
  
  76fe05dcf0dea26a5210dd92c1ae3c357f43f5c170642e99a50d3c7b412d25d1518a958960e25230fb6c055100159f29c080fb354f2cbe93a805ba419fb01976
- SSDEEP
  
  12288:q+khQMwkEo9EtZLJLUf9snBS4csPYae6qfzAAA:q+khQMlEthhUF54clNf7AB
Score

10^/10

echelon spyware stealer
- Detects Echelon Stealer payload
- Echelon
  Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.
  stealer spyware echelon
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

echelonspywarestealer

behavioral2

echelonspywarestealer

© 2018-2024

Terms | Privacy