Overview

overview

10

Static

static

10

3bfc582afc...50.exe

windows7-x64

10

3bfc582afc...50.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    74s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    28-12-2023 01:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3bfc582afc5a8ba63fe6d6fa7cf4633b0866ff70e7b0d7b6631f9dfdd3b37250.exe

  • Size

    592KB

  • MD5

    07bfa6051124f24ce093d2cf828a7478

  • SHA1

    c033ff32763829291f88ba29a4a7e8bdb5482156

  • SHA256

    3bfc582afc5a8ba63fe6d6fa7cf4633b0866ff70e7b0d7b6631f9dfdd3b37250

  • SHA512

    11e1d37d42df8bf88d6b5e121ae4f825584969654c4c5892a9bb333e89ed49361859d7f0b04e8c8c63a92fb2185c5c6778e5e82480fa0341805dfe54522147a4

  • SSDEEP

    12288:Y6urSvuRZLJLUf9snBS4csPYae6qfzcbAA:VvuRhhUF54clNf7cbB

Score
10/10
echelonspywarestealer

Malware Config

Signatures

  • Detects Echelon Stealer payload 2 IoCs
  • Echelon

    Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.

    stealerspywareechelon
  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3bfc582afc5a8ba63fe6d6fa7cf4633b0866ff70e7b0d7b6631f9dfdd3b37250.exe
    "C:\Users\Admin\AppData\Local\Temp\3bfc582afc5a8ba63fe6d6fa7cf4633b0866ff70e7b0d7b6631f9dfdd3b37250.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2780
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 2780 -s 1228
      2⤵
        PID:2020

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2780-0-0x0000000001390000-0x000000000142A000-memory.dmp
      Filesize

      616KB

      Download
    • memory/2780-1-0x000007FEF5B80000-0x000007FEF656C000-memory.dmp
      Filesize

      9.9MB

      Download
    • memory/2780-2-0x000000001B0C0000-0x000000001B140000-memory.dmp
      Filesize

      512KB

      Download
    • memory/2780-3-0x000007FEF5B80000-0x000007FEF656C000-memory.dmp
      Filesize

      9.9MB

      Download