Analysis
-
max time kernel
121s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
21-01-2024 11:14
General
-
Target
6d298ea9fddcb15bc12be3699b88724e.exe
-
Size
1.0MB
-
MD5
6d298ea9fddcb15bc12be3699b88724e
-
SHA1
946732233c9490060639a44ea593f2ccd6ddc30b
-
SHA256
74499fe96913a5ec1b89d8b79ca8bf2d3fd598c0d65339bd6d6223599f20aa7b
-
SHA512
40e40caaf22651eb749694b1827f1902c89935bb5f40baf7ec3c68bfd277b68bd76c3a7c54cfa4ce7959b7067b6fb00ec1513f57e330df7790a95e7ed6ebc8ed
-
SSDEEP
24576:PjE5gAVhhUF54clNf7+6uHAW92zt/sWu2BSMCqDoR4E:yo54clgLH+tkWJ0Nj
Score
10/10
Malware Config
Signatures
-
Detects Echelon Stealer payload 1 IoCs
-
Echelon
Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.
-
Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\6d298ea9fddcb15bc12be3699b88724e.exe"C:\Users\Admin\AppData\Local\Temp\6d298ea9fddcb15bc12be3699b88724e.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2628-0-0x0000000001390000-0x0000000001496000-memory.dmpFilesize
1.0MB
-
memory/2628-1-0x000007FEF5820000-0x000007FEF620C000-memory.dmpFilesize
9.9MB
-
memory/2628-2-0x000000001B750000-0x000000001B7D0000-memory.dmpFilesize
512KB
-
memory/2628-3-0x00000000028A0000-0x0000000002916000-memory.dmpFilesize
472KB
-
memory/2628-4-0x000007FEF5820000-0x000007FEF620C000-memory.dmpFilesize
9.9MB