echelon | 36c04fff4cb95fcc397afe6ab4d32a3e9dc9c4d68e621f56dd9f8ae975a4a1fe | Triage

Submit
Reports

Overview

overview

Static

static

1

35755b2520...ae.exe

windows7-x64

35755b2520...ae.exe

windows10-2004-x64

Sharing

General

Target

35755b2520fd50c49cbdcce4627a79ae
Size

944KB
Sample

231225-xee3nagba3
MD5

35755b2520fd50c49cbdcce4627a79ae
SHA1

03d5ca3ba3eb3a6b92f2038248510cea88ea3952
SHA256

36c04fff4cb95fcc397afe6ab4d32a3e9dc9c4d68e621f56dd9f8ae975a4a1fe
SHA512

124943e2486c9ac50ee9a883f0b230447cf8de3f29cd0c299a3cb457a2f58cbb26681fdabdd2368bf72301a304a53c6b0d0e6870544e487b1cae58d8e97febbc
SSDEEP

12288:bGH/W5wqrqsyLDMKKMBhHsvhw46Dd9QC1uv3JVMO0PbkDaNarG3i6va/4JN5J:bceI1HfHs7U0/JGA20Gy6i/e9

Score

10^/10

echelon zgrat collection discovery rat spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

35755b2520fd50c49cbdcce4627a79ae.exe

Resource

win7-20231215-en

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

35755b2520fd50c49cbdcce4627a79ae.exe

Resource

win10v2004-20231215-en

echelon zgrat collection discovery rat spyware stealer

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  35755b2520fd50c49cbdcce4627a79ae
- Size
  
  944KB
- MD5
  
  35755b2520fd50c49cbdcce4627a79ae
- SHA1
  
  03d5ca3ba3eb3a6b92f2038248510cea88ea3952
- SHA256
  
  36c04fff4cb95fcc397afe6ab4d32a3e9dc9c4d68e621f56dd9f8ae975a4a1fe
- SHA512
  
  124943e2486c9ac50ee9a883f0b230447cf8de3f29cd0c299a3cb457a2f58cbb26681fdabdd2368bf72301a304a53c6b0d0e6870544e487b1cae58d8e97febbc
- SSDEEP
  
  12288:bGH/W5wqrqsyLDMKKMBhHsvhw46Dd9QC1uv3JVMO0PbkDaNarG3i6va/4JN5J:bceI1HfHs7U0/JGA20Gy6i/e9
Score

10^/10

zgrat rat echelon collection discovery spyware stealer
- Detect ZGRat V1
- Echelon
  Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.
  stealer spyware echelon
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

echelonzgratcollectiondiscoveryratspywarestealer

© 2018-2024

Terms | Privacy