Overview

overview

10

Static

static

7

22a4e3fe84...d1.exe

windows7-x64

7

22a4e3fe84...d1.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    22a4e3fe84c4bb3e79b289ac053c77d1

  • Size

    1.9MB

  • Sample

    231231-blhlgaede5

  • MD5

    22a4e3fe84c4bb3e79b289ac053c77d1

  • SHA1

    7fe44f740fb2eaf7ffb85520e06e4149fa443d84

  • SHA256

    f14c125600acad1e6aa330deb5aca520f3fa83e747d2e094d4a337e83b413da5

  • SHA512

    86d6e0ac0613f33b47e59f2c8f9fa8d7bf34b3bfd41bb655e6fb39e133e7d4ee2183c95852edaf173a1e6a089943355c87f17a297672f07db5b56a422ecc769c

  • SSDEEP

    24576:C3q4nvYveRLfRq3hwwy8nCAlmd/l/hAot8rhhUF54clNf7+6uHAW92zt/sWu2BSW:74nQe5qWGYlZA88to54clgLH+tkWJ0

Score
10/10
echelonspywarestealervmprotect

Malware Config

Targets

    • Target

      22a4e3fe84c4bb3e79b289ac053c77d1

    • Size

      1.9MB

    • MD5

      22a4e3fe84c4bb3e79b289ac053c77d1

    • SHA1

      7fe44f740fb2eaf7ffb85520e06e4149fa443d84

    • SHA256

      f14c125600acad1e6aa330deb5aca520f3fa83e747d2e094d4a337e83b413da5

    • SHA512

      86d6e0ac0613f33b47e59f2c8f9fa8d7bf34b3bfd41bb655e6fb39e133e7d4ee2183c95852edaf173a1e6a089943355c87f17a297672f07db5b56a422ecc769c

    • SSDEEP

      24576:C3q4nvYveRLfRq3hwwy8nCAlmd/l/hAot8rhhUF54clNf7+6uHAW92zt/sWu2BSW:74nQe5qWGYlZA88to54clgLH+tkWJ0

    Score
    10/10
    vmprotectechelonspywarestealer

    • Echelon

      Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.

      stealerspywareechelon

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks