Analysis
-
max time kernel
144s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
-
submitted
22-01-2024 01:01
General
-
Target
a5c068511e7487b6744f53abf21f09a23345a287a7858850e564143c56b5198d.exe
-
Size
659KB
-
MD5
e00956f5cb4af999fd7b334fa4e82543
-
SHA1
d53769bf9dd345a7fb8b5c8c15e840cf7ee0b1e9
-
SHA256
a5c068511e7487b6744f53abf21f09a23345a287a7858850e564143c56b5198d
-
SHA512
4ba8d9b6c3b7c5aa53132e38c0bde4fb1877656ef49a0c24676a363ea4a5aac8514cd91ea23049acb2b48a63c7fd4dba2b2efce8ee196e46015bea6d909a8771
-
SSDEEP
12288:DA03baVb7aXESXQL32ikCaUS4csRBse6sfWEAA:DA03baVbOnXy3k94cunZeEB
Score
10/10
Malware Config
Signatures
-
Detects Echelon Stealer payload 1 IoCs
-
Echelon
Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.
-
Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a5c068511e7487b6744f53abf21f09a23345a287a7858850e564143c56b5198d.exe"C:\Users\Admin\AppData\Local\Temp\a5c068511e7487b6744f53abf21f09a23345a287a7858850e564143c56b5198d.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1988-0-0x000002D941B30000-0x000002D941BDC000-memory.dmpFilesize
688KB
-
memory/1988-1-0x000002D943860000-0x000002D943872000-memory.dmpFilesize
72KB
-
memory/1988-2-0x00007FF9ADD80000-0x00007FF9AE841000-memory.dmpFilesize
10.8MB
-
memory/1988-3-0x000002D9439B0000-0x000002D9439C0000-memory.dmpFilesize
64KB
-
memory/1988-4-0x000002D95CB10000-0x000002D95CB4C000-memory.dmpFilesize
240KB
-
memory/1988-5-0x00007FF9ADD80000-0x00007FF9AE841000-memory.dmpFilesize
10.8MB