Overview

overview

10

Static

static

3

69c10e8fa7...a7.exe

windows7-x64

10

69c10e8fa7...a7.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    1s
  • max time network
    86s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-12-2023 11:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    69c10e8fa7d800c4a24b36dffec2cea7.exe

  • Size

    2.4MB

  • MD5

    69c10e8fa7d800c4a24b36dffec2cea7

  • SHA1

    07bea76542382f9613d4de5da9b36abb3276988d

  • SHA256

    562720cf37245f6bdf71692343b7d7ccc2187e45979e957b86407a21aa83854c

  • SHA512

    4cd0dbb29192a8ebc31abd673aa7983a6e2f24e89cc684fb720777aaf5a692010c6f800e1f50b9ffbc9dea397d97a91118a0325cfc4337d83cb2296a6b68bd6f

  • SSDEEP

    49152:IzecMn91vjBteouiARLrW8oj12yoYBGfUjAIgX2z2r:gu9dNtb4nWpjIYBCv9

Score
10/10
echelonspywarestealer

Malware Config

Signatures

  • Detects Echelon Stealer payload 1 IoCs
  • Echelon

    Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.

    stealerspywareechelon
  • Looks up external IP address via web service 3 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\69c10e8fa7d800c4a24b36dffec2cea7.exe
    "C:\Users\Admin\AppData\Local\Temp\69c10e8fa7d800c4a24b36dffec2cea7.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:3364

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3364-0-0x0000000000E30000-0x00000000013E6000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/3364-3-0x0000000006CE0000-0x0000000006D46000-memory.dmp

    Filesize

    408KB

    Download

  • memory/3364-4-0x0000000006C60000-0x0000000006C70000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3364-2-0x0000000074920000-0x00000000750D0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/3364-1-0x0000000000E30000-0x00000000013E6000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/3364-5-0x0000000007470000-0x00000000074E6000-memory.dmp

    Filesize

    472KB

    Download

  • memory/3364-9-0x0000000007FC0000-0x000000000805C000-memory.dmp

    Filesize

    624KB

    Download

  • memory/3364-17-0x0000000008810000-0x00000000088A2000-memory.dmp

    Filesize

    584KB

    Download

  • memory/3364-18-0x0000000008E60000-0x0000000009404000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/3364-57-0x0000000000E30000-0x00000000013E6000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/3364-59-0x0000000074920000-0x00000000750D0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/3364-60-0x0000000006C60000-0x0000000006C70000-memory.dmp

    Filesize

    64KB

    Download