echelon | 818d899f97b141d991937b1d39936ead0a845022ea685c7e83aef1fd55838033 | Triage

Sharing

General

Target

818d899f97b141d991937b1d39936ead0a845022ea685c7e83aef1fd55838033
Size

592KB
MD5

a6c5e33747f3087b1f1c96d5c800aa99
SHA1

d3e400f79fb0520deca6eaf52ac030eadec98a71
SHA256

818d899f97b141d991937b1d39936ead0a845022ea685c7e83aef1fd55838033
SHA512

5339057ce8126bb5fc1c4a2115b4887533761ed5cb54976ec8b2087abf6a4602012cc939c04876a3cbf10ed270b100ee55b20fdecae51fa6952194ee2900fdb8
SSDEEP

12288:2ZhhKDNUUA7ZLJLUf9snBS4csPYae6qfzRAA:2ZCxUF7hhUF54clNf7RB

Score

10^/10

echelon

Malware Config

Signatures

Detects Echelon Stealer payload 1 IoCs

Processes:

resource yara_rule

sample family_echelon
Echelon family
echelon

Files

818d899f97b141d991937b1d39936ead0a845022ea685c7e83aef1fd55838033
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

2d:6f:ec:b8:85:78:f6:94:47:ac:aa:71:8a:85:e9:32
Certificate

Issuer

CN=TRICK\\tck49

Not Before

28-12-2023 18:14

Not After

28-12-2024 00:14

Subject

CN=TRICK\\tck49

a0:11:a3:16:5f:fb:62:a5:73:e6:6b:dc:9f:69:5d:4c:45:1f:1f:21:3d:24:55:73:d2:ee:da:fd:3d:30:23:07
Signer

Actual PE Digest

a0:11:a3:16:5f:fb:62:a5:73:e6:6b:dc:9f:69:5d:4c:45:1f:1f:21:3d:24:55:73:d2:ee:da:fd:3d:30:23:07

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 589KB - Virtual size: 589KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ