General
Target: 613dda690cc2ccaedd7660416478b064
Size: 5.1MB
Sample: 240117-ak2saaebg5
MD5: 613dda690cc2ccaedd7660416478b064
SHA1: 79e8b6e18c3ee35cc2909843c17a93c6ed3b0a94
SHA256: e9973498e9c6b86776c6bc4bd379b531e3390a43520421652173d0b5bcf0f730
SHA512: 5b5a0c0e85cf7746df0d296ffe9bbe0e4c34be36a3e21d22e0ff32f4d1ae0f171c3ca16a8a5c7d92acdc56698df76220e74d35d151a18aa8b9549e1d7ed29b4f
SSDEEP: 98304:isZd4DGVev+VxBEol6uHbrxXvOpdxyK5XL8jCp:7DM+VxO7unYpTf5XLX
Static task: static1
Behavioral task: behavioral1
Sample: 613dda690cc2ccaedd7660416478b064.exe
Resource: win7-20231215-en
Malware Config
Targets
Target: 613dda690cc2ccaedd7660416478b064 (same file; size and hashes as listed under General)
Signatures
- Detects Echelon Stealer payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Accesses Microsoft Outlook profiles
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger