General
-
Target
4d02168925f891eba820a3d8050fdf7a3de7ddd9a3aabb529dfa45ae6e540f79
-
Size
649KB
-
Sample
240120-bf48aaggfl
-
MD5
d87dbaf2295af3f2f55f7ca333b4668f
-
SHA1
95aa151d52ce3174d4d0e909c8e14e8373e4506a
-
SHA256
4d02168925f891eba820a3d8050fdf7a3de7ddd9a3aabb529dfa45ae6e540f79
-
SHA512
992b8d780758003e237e5c4c3b8eb9cd5276f79965d58976ce0b93128a95346927ee122294b8dea2c8f46aea4b7ab46c916099fbf60b15cc4987dec34217d0a3
-
SSDEEP
12288:jBdlwHRn+WlYV+8T+tkU5bw6g8h+Y409dMCZyH0FVI8QV:jBkVdlYAK23FNZyHf8QV
Malware Config
Targets
-
-
Target
4d02168925f891eba820a3d8050fdf7a3de7ddd9a3aabb529dfa45ae6e540f79
-
Size
649KB
-
MD5
d87dbaf2295af3f2f55f7ca333b4668f
-
SHA1
95aa151d52ce3174d4d0e909c8e14e8373e4506a
-
SHA256
4d02168925f891eba820a3d8050fdf7a3de7ddd9a3aabb529dfa45ae6e540f79
-
SHA512
992b8d780758003e237e5c4c3b8eb9cd5276f79965d58976ce0b93128a95346927ee122294b8dea2c8f46aea4b7ab46c916099fbf60b15cc4987dec34217d0a3
-
SSDEEP
12288:jBdlwHRn+WlYV+8T+tkU5bw6g8h+Y409dMCZyH0FVI8QV:jBkVdlYAK23FNZyHf8QV
Score10/10-
Detects Echelon Stealer payload
-
Echelon
Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.
-
Stops running service(s)
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-