General
-
Target
326cdac6443e1646c68d954b287ac85f11fba32e563e8926b94a6fe30a220bcc
-
Size
581KB
-
Sample
240116-cazahsbhb3
-
MD5
665ddb74a68a1d744aee2d9bee16b8d5
-
SHA1
d54a0ec7a36a3445fa2df84673ca1bbd2573f5bf
-
SHA256
326cdac6443e1646c68d954b287ac85f11fba32e563e8926b94a6fe30a220bcc
-
SHA512
8c4875d9cafaf6cbc84328b8b80f8c2636ac2fe4cf26fc333defd412224e25bd1509d4159b14d904ec530e56705a6e1dee2daf8208a7a8ef5daf07e7c1fb2818
-
SSDEEP
6144:1mYYrzhUoI/ZnJuCIjOL8qwWN/jlChMYZWiR9u9vnIT1TGtSV41kJDsTDDnYEteR:1MrzhWZLJLUf9snBS4csPYae6qfz7AA
Malware Config
Targets
-
-
Target
326cdac6443e1646c68d954b287ac85f11fba32e563e8926b94a6fe30a220bcc
-
Size
581KB
-
MD5
665ddb74a68a1d744aee2d9bee16b8d5
-
SHA1
d54a0ec7a36a3445fa2df84673ca1bbd2573f5bf
-
SHA256
326cdac6443e1646c68d954b287ac85f11fba32e563e8926b94a6fe30a220bcc
-
SHA512
8c4875d9cafaf6cbc84328b8b80f8c2636ac2fe4cf26fc333defd412224e25bd1509d4159b14d904ec530e56705a6e1dee2daf8208a7a8ef5daf07e7c1fb2818
-
SSDEEP
6144:1mYYrzhUoI/ZnJuCIjOL8qwWN/jlChMYZWiR9u9vnIT1TGtSV41kJDsTDDnYEteR:1MrzhWZLJLUf9snBS4csPYae6qfz7AA
Score10/10-
Detects Echelon Stealer payload
-
Echelon
Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-