echelon

General

Target

94dc9a9b077ffd5bf20b93c9eb4c488fce76b610e5308b2dd0d18b04f66df27d
Size

995KB
Sample

240120-bdv7laggcp
MD5

87e97a6eae614b6337a6d4e51d08a88e
SHA1

7b5381794f91ab6c352e03bd534c818deb5f1d53
SHA256

94dc9a9b077ffd5bf20b93c9eb4c488fce76b610e5308b2dd0d18b04f66df27d
SHA512

ed25acd29946a3d41e09d1e46376293cb5e8c2833bf7ec886dec5c45fdba966393ed33895dfb99364fbba6bb98dfdef4b6406d52427a09f06b6373e368b029d0
SSDEEP

24576:jBkVdlYAK0qnvXMGYsHM/Hv5WPDRFN2Hs:FsvOvXMb0D7N2M

Score

10^/10

Malware Config

Targets

- Target
  
  94dc9a9b077ffd5bf20b93c9eb4c488fce76b610e5308b2dd0d18b04f66df27d
- Size
  
  995KB
- MD5
  
  87e97a6eae614b6337a6d4e51d08a88e
- SHA1
  
  7b5381794f91ab6c352e03bd534c818deb5f1d53
- SHA256
  
  94dc9a9b077ffd5bf20b93c9eb4c488fce76b610e5308b2dd0d18b04f66df27d
- SHA512
  
  ed25acd29946a3d41e09d1e46376293cb5e8c2833bf7ec886dec5c45fdba966393ed33895dfb99364fbba6bb98dfdef4b6406d52427a09f06b6373e368b029d0
- SSDEEP
  
  24576:jBkVdlYAK0qnvXMGYsHM/Hv5WPDRFN2Hs:FsvOvXMb0D7N2M
Score

10^/10

echelon evasion spyware stealer collection discovery
- Detects Echelon Stealer payload
- Echelon
  Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.
  stealer spyware echelon
- Stops running service(s)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2