General
- Target: 94dc9a9b077ffd5bf20b93c9eb4c488fce76b610e5308b2dd0d18b04f66df27d
- Size: 995KB
- Sample: 240120-bdv7laggcp
- MD5: 87e97a6eae614b6337a6d4e51d08a88e
- SHA1: 7b5381794f91ab6c352e03bd534c818deb5f1d53
- SHA256: 94dc9a9b077ffd5bf20b93c9eb4c488fce76b610e5308b2dd0d18b04f66df27d
- SHA512: ed25acd29946a3d41e09d1e46376293cb5e8c2833bf7ec886dec5c45fdba966393ed33895dfb99364fbba6bb98dfdef4b6406d52427a09f06b6373e368b029d0
- SSDEEP: 24576:jBkVdlYAK0qnvXMGYsHM/Hv5WPDRFN2Hs:FsvOvXMb0D7N2M
Tasks
- Static task: static1
- Behavioral task: behavioral1
- Sample: 94dc9a9b077ffd5bf20b93c9eb4c488fce76b610e5308b2dd0d18b04f66df27d.exe
- Resource: win7-20231215-en
Malware Config

Targets
- Target: 94dc9a9b077ffd5bf20b93c9eb4c488fce76b610e5308b2dd0d18b04f66df27d
Signatures
- Detects Echelon Stealer payload
- Stops running service(s)
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.