Analysis
-
max time kernel
139s -
max time network
130s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
26-12-2023 01:19
General
-
Target
62b0221391c3a3b97dc587329b5ecf17e4435515026072f2419503ceefc2a455.exe
-
Size
780KB
-
MD5
d8cb800bdea9202ffcfe01bfcbf3f8da
-
SHA1
0c643c77649b59ddd141d9fa02724b1408d8ca28
-
SHA256
62b0221391c3a3b97dc587329b5ecf17e4435515026072f2419503ceefc2a455
-
SHA512
4eb5c8c6f3995d9311a39886a6f40b32074b45a0bd8b200b0dd047dc5d53d39e28dddf336cdffa2f5780097d0d28f5e0c0d8fcd68228755b840d95a2badbfbe9
-
SSDEEP
12288:9uReJkcXyjgJ7Isn1wA6BBkeDTONbIcAA:seKcnJ7IgwA6DCNbzB
Score
10/10
Malware Config
Signatures
-
Detects Echelon Stealer payload 1 IoCs
-
Echelon
Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.
-
Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\62b0221391c3a3b97dc587329b5ecf17e4435515026072f2419503ceefc2a455.exe"C:\Users\Admin\AppData\Local\Temp\62b0221391c3a3b97dc587329b5ecf17e4435515026072f2419503ceefc2a455.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/4260-0-0x000001F7F8D40000-0x000001F7F8E0A000-memory.dmpFilesize
808KB
-
memory/4260-1-0x00007FFEA6D30000-0x00007FFEA77F1000-memory.dmpFilesize
10.8MB
-
memory/4260-2-0x000001F7FB2C0000-0x000001F7FB2D0000-memory.dmpFilesize
64KB
-
memory/4260-3-0x00007FFEA6D30000-0x00007FFEA77F1000-memory.dmpFilesize
10.8MB