echelon

General

Target

69c10e8fa7d800c4a24b36dffec2cea7
Size

2.4MB
Sample

240120-hh7vhsdebk
MD5

69c10e8fa7d800c4a24b36dffec2cea7
SHA1

07bea76542382f9613d4de5da9b36abb3276988d
SHA256

562720cf37245f6bdf71692343b7d7ccc2187e45979e957b86407a21aa83854c
SHA512

4cd0dbb29192a8ebc31abd673aa7983a6e2f24e89cc684fb720777aaf5a692010c6f800e1f50b9ffbc9dea397d97a91118a0325cfc4337d83cb2296a6b68bd6f
SSDEEP

49152:IzecMn91vjBteouiARLrW8oj12yoYBGfUjAIgX2z2r:gu9dNtb4nWpjIYBCv9

Score

10^/10

Malware Config

Targets

- Target
  
  69c10e8fa7d800c4a24b36dffec2cea7
- Size
  
  2.4MB
- MD5
  
  69c10e8fa7d800c4a24b36dffec2cea7
- SHA1
  
  07bea76542382f9613d4de5da9b36abb3276988d
- SHA256
  
  562720cf37245f6bdf71692343b7d7ccc2187e45979e957b86407a21aa83854c
- SHA512
  
  4cd0dbb29192a8ebc31abd673aa7983a6e2f24e89cc684fb720777aaf5a692010c6f800e1f50b9ffbc9dea397d97a91118a0325cfc4337d83cb2296a6b68bd6f
- SSDEEP
  
  49152:IzecMn91vjBteouiARLrW8oj12yoYBGfUjAIgX2z2r:gu9dNtb4nWpjIYBCv9
Score

10^/10

echelon zgrat rat spyware stealer
- Detect ZGRat V1
- Detects Echelon Stealer payload
- Echelon
  Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.
  stealer spyware echelon
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

1

T1552

Credentials In Files

1

T1552.001

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Data from Local System

1

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Detect ZGRat V1

Detects Echelon Stealer payload

ZGRat

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Looks up external IP address via web service

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2