echelon | 326cdac6443e1646c68d954b287ac85f11fba32e563e8926b94a6fe30a220bcc | Triage

Submit
Reports

Overview

overview

Static

static

326cdac644...cc.exe

windows7-x64

326cdac644...cc.exe

windows10-2004-x64

Sharing

General

Target

326cdac6443e1646c68d954b287ac85f11fba32e563e8926b94a6fe30a220bcc
Size

581KB
Sample

240116-cazahsbhb3
MD5

665ddb74a68a1d744aee2d9bee16b8d5
SHA1

d54a0ec7a36a3445fa2df84673ca1bbd2573f5bf
SHA256

326cdac6443e1646c68d954b287ac85f11fba32e563e8926b94a6fe30a220bcc
SHA512

8c4875d9cafaf6cbc84328b8b80f8c2636ac2fe4cf26fc333defd412224e25bd1509d4159b14d904ec530e56705a6e1dee2daf8208a7a8ef5daf07e7c1fb2818
SSDEEP

6144:1mYYrzhUoI/ZnJuCIjOL8qwWN/jlChMYZWiR9u9vnIT1TGtSV41kJDsTDDnYEteR:1MrzhWZLJLUf9snBS4csPYae6qfz7AA

Score

10^/10

echelon collection spyware stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

326cdac6443e1646c68d954b287ac85f11fba32e563e8926b94a6fe30a220bcc.exe

Resource

win7-20231215-en

echelon spyware stealer

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

326cdac6443e1646c68d954b287ac85f11fba32e563e8926b94a6fe30a220bcc.exe

Resource

win10v2004-20231215-en

echelon collection spyware stealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  326cdac6443e1646c68d954b287ac85f11fba32e563e8926b94a6fe30a220bcc
- Size
  
  581KB
- MD5
  
  665ddb74a68a1d744aee2d9bee16b8d5
- SHA1
  
  d54a0ec7a36a3445fa2df84673ca1bbd2573f5bf
- SHA256
  
  326cdac6443e1646c68d954b287ac85f11fba32e563e8926b94a6fe30a220bcc
- SHA512
  
  8c4875d9cafaf6cbc84328b8b80f8c2636ac2fe4cf26fc333defd412224e25bd1509d4159b14d904ec530e56705a6e1dee2daf8208a7a8ef5daf07e7c1fb2818
- SSDEEP
  
  6144:1mYYrzhUoI/ZnJuCIjOL8qwWN/jlChMYZWiR9u9vnIT1TGtSV41kJDsTDDnYEteR:1MrzhWZLJLUf9snBS4csPYae6qfz7AA
Score

10^/10

echelon spyware stealer collection
- Detects Echelon Stealer payload
- Echelon
  Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.
  stealer spyware echelon
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

echelonspywarestealer

behavioral2

echeloncollectionspywarestealer

© 2018-2024

Terms | Privacy