General
-
Target
6e8643be663b6295645bf7c28323f00b1552e9d398116c780933095507624a62
-
Size
1.5MB
-
Sample
240120-bdtzjahca7
-
MD5
782bcf992d63bdefa2d4fa9506db01b3
-
SHA1
59a586ab6eb222c94cc4d4cefacac8cdc078a3b5
-
SHA256
6e8643be663b6295645bf7c28323f00b1552e9d398116c780933095507624a62
-
SHA512
6af38824f318d3dfda4774c6fdfdf952396c4cbb976bb16e2bf7b3a8287af5922695e2952f38e3641aa5d289bc06945716503927c9f11b58ddccae98086add7b
-
SSDEEP
24576:jBkVdlYAK71WmEjLaofPl87xCDV3fu/2s+zIfcJ8AV3z8vTjV4BzKInuKW:FsvK1m/aofK7xCZLs+sf0YLHKW
Malware Config
Targets
-
-
Target
6e8643be663b6295645bf7c28323f00b1552e9d398116c780933095507624a62
-
Size
1.5MB
-
MD5
782bcf992d63bdefa2d4fa9506db01b3
-
SHA1
59a586ab6eb222c94cc4d4cefacac8cdc078a3b5
-
SHA256
6e8643be663b6295645bf7c28323f00b1552e9d398116c780933095507624a62
-
SHA512
6af38824f318d3dfda4774c6fdfdf952396c4cbb976bb16e2bf7b3a8287af5922695e2952f38e3641aa5d289bc06945716503927c9f11b58ddccae98086add7b
-
SSDEEP
24576:jBkVdlYAK71WmEjLaofPl87xCDV3fu/2s+zIfcJ8AV3z8vTjV4BzKInuKW:FsvK1m/aofK7xCZLs+sf0YLHKW
Score10/10-
Detects Echelon Stealer payload
-
Echelon
Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.
-
Stops running service(s)
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-