Overview

overview

10

Static

static

10

56b9cbe155...20.exe

windows7-x64

10

56b9cbe155...20.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    3s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/01/2024, 14:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    56b9cbe1556dd419bec522a473a70a20.exe

  • Size

    674KB

  • MD5

    56b9cbe1556dd419bec522a473a70a20

  • SHA1

    6077796a394c2235f87d02dfd14096ee3cc2fe78

  • SHA256

    e74ba4cb7a8950928fb8bc8f3089ca49c295dd4197afb89ddcee666685da6c0a

  • SHA512

    eccfb376ab6bbbe79e24b21fdd1c6c682675db04bb7b5574853eca30d79d9ee571a70ac3f7c29c933c2cbf906faca4c7cbbedd62e83194351f856bacf03bb57e

  • SSDEEP

    12288:ILfpljJgZSsAjAuYcVWfs6MDMVqfBdcmDBuvXEVd:0JwcAuv0fKMVqJdczEVd

Score
10/10
echelonspywarestealer

Malware Config

Signatures

  • Detects Echelon Stealer payload 1 IoCs
  • Echelon

    Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.

    stealerspywareechelon
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Looks up external IP address via web service 3 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 14 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\56b9cbe1556dd419bec522a473a70a20.exe
    "C:\Users\Admin\AppData\Local\Temp\56b9cbe1556dd419bec522a473a70a20.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4384

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4384-0-0x000001CD61200000-0x000001CD612AE000-memory.dmp

    Filesize

    696KB

    Download

  • memory/4384-3-0x000001CD62F00000-0x000001CD62F44000-memory.dmp

    Filesize

    272KB

    Download

  • memory/4384-2-0x000001CD7BA60000-0x000001CD7BA70000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4384-1-0x00007FF9749F0000-0x00007FF9754B1000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4384-6-0x000001CD7B8F0000-0x000001CD7B8FE000-memory.dmp

    Filesize

    56KB

    Download

  • memory/4384-5-0x000001CD7BA60000-0x000001CD7BA70000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4384-4-0x000001CD62FB0000-0x000001CD62FC4000-memory.dmp

    Filesize

    80KB

    Download

  • memory/4384-55-0x000001CD7BA60000-0x000001CD7BA70000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4384-87-0x000001CD7CD80000-0x000001CD7CE10000-memory.dmp

    Filesize

    576KB

    Download

  • memory/4384-88-0x000001CD7CE50000-0x000001CD7CE72000-memory.dmp

    Filesize

    136KB

    Download

  • memory/4384-86-0x000001CD7CD60000-0x000001CD7CD7E000-memory.dmp

    Filesize

    120KB

    Download

  • memory/4384-89-0x00007FF9749F0000-0x00007FF9754B1000-memory.dmp

    Filesize

    10.8MB

    Download