Overview

overview

10

Static

static

7

1a69935073...f8.exe

windows7-x64

7

1a69935073...f8.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1a69935073fb2ff90d74e75428854bf8

  • Size

    1.9MB

  • Sample

    231224-3p3vcsfhc6

  • MD5

    1a69935073fb2ff90d74e75428854bf8

  • SHA1

    41abbb5100a64a9637cd5af6b678902baf731013

  • SHA256

    3422b33a307f80a5dad2882982e061d1ed496f7a1b5c6541fdde8cbab133af7a

  • SHA512

    cdf36b6ce52de3447154d64d3c3d180b8a540f51d2c60cac1bd04b440e51c1050cbb16a15935ffc5c1c2b93b0a4c3d26c0278c612f6171835b09bc650342538b

  • SSDEEP

    49152:3eSgHKhG7DuyiTDi+EjIJo54clgLH+tkWJ0:upq47DfsibIFcKHgkWJ0

Score
10/10
echelonspywarestealervmprotect

Malware Config

Targets

    • Target

      1a69935073fb2ff90d74e75428854bf8

    • Size

      1.9MB

    • MD5

      1a69935073fb2ff90d74e75428854bf8

    • SHA1

      41abbb5100a64a9637cd5af6b678902baf731013

    • SHA256

      3422b33a307f80a5dad2882982e061d1ed496f7a1b5c6541fdde8cbab133af7a

    • SHA512

      cdf36b6ce52de3447154d64d3c3d180b8a540f51d2c60cac1bd04b440e51c1050cbb16a15935ffc5c1c2b93b0a4c3d26c0278c612f6171835b09bc650342538b

    • SSDEEP

      49152:3eSgHKhG7DuyiTDi+EjIJo54clgLH+tkWJ0:upq47DfsibIFcKHgkWJ0

    Score
    10/10
    vmprotectechelonspywarestealer

    • Echelon

      Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.

      stealerspywareechelon

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks