Overview

overview

10

Static

static

10

62b0221391...55.exe

windows7-x64

10

62b0221391...55.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    139s
  • max time network
    130s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-12-2023 01:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    62b0221391c3a3b97dc587329b5ecf17e4435515026072f2419503ceefc2a455.exe

  • Size

    780KB

  • MD5

    d8cb800bdea9202ffcfe01bfcbf3f8da

  • SHA1

    0c643c77649b59ddd141d9fa02724b1408d8ca28

  • SHA256

    62b0221391c3a3b97dc587329b5ecf17e4435515026072f2419503ceefc2a455

  • SHA512

    4eb5c8c6f3995d9311a39886a6f40b32074b45a0bd8b200b0dd047dc5d53d39e28dddf336cdffa2f5780097d0d28f5e0c0d8fcd68228755b840d95a2badbfbe9

  • SSDEEP

    12288:9uReJkcXyjgJ7Isn1wA6BBkeDTONbIcAA:seKcnJ7IgwA6DCNbzB

Score
10/10
echelonspywarestealer

Malware Config

Signatures

  • Detects Echelon Stealer payload 1 IoCs
  • Echelon

    Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.

    stealerspywareechelon
  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\62b0221391c3a3b97dc587329b5ecf17e4435515026072f2419503ceefc2a455.exe
    "C:\Users\Admin\AppData\Local\Temp\62b0221391c3a3b97dc587329b5ecf17e4435515026072f2419503ceefc2a455.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4260

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4260-0-0x000001F7F8D40000-0x000001F7F8E0A000-memory.dmp

    Filesize

    808KB

    Download

  • memory/4260-1-0x00007FFEA6D30000-0x00007FFEA77F1000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4260-2-0x000001F7FB2C0000-0x000001F7FB2D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4260-3-0x00007FFEA6D30000-0x00007FFEA77F1000-memory.dmp

    Filesize

    10.8MB

    Download