Overview

overview

10

Static

static

10

a5c068511e...8d.exe

windows7-x64

10

a5c068511e...8d.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    144s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-01-2024 01:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a5c068511e7487b6744f53abf21f09a23345a287a7858850e564143c56b5198d.exe

  • Size

    659KB

  • MD5

    e00956f5cb4af999fd7b334fa4e82543

  • SHA1

    d53769bf9dd345a7fb8b5c8c15e840cf7ee0b1e9

  • SHA256

    a5c068511e7487b6744f53abf21f09a23345a287a7858850e564143c56b5198d

  • SHA512

    4ba8d9b6c3b7c5aa53132e38c0bde4fb1877656ef49a0c24676a363ea4a5aac8514cd91ea23049acb2b48a63c7fd4dba2b2efce8ee196e46015bea6d909a8771

  • SSDEEP

    12288:DA03baVb7aXESXQL32ikCaUS4csRBse6sfWEAA:DA03baVbOnXy3k94cunZeEB

Score
10/10
echelonspywarestealer

Malware Config

Signatures

  • Detects Echelon Stealer payload 1 IoCs
  • Echelon

    Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.

    stealerspywareechelon
  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a5c068511e7487b6744f53abf21f09a23345a287a7858850e564143c56b5198d.exe
    "C:\Users\Admin\AppData\Local\Temp\a5c068511e7487b6744f53abf21f09a23345a287a7858850e564143c56b5198d.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1988

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1988-0-0x000002D941B30000-0x000002D941BDC000-memory.dmp

    Filesize

    688KB

    Download

  • memory/1988-1-0x000002D943860000-0x000002D943872000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1988-2-0x00007FF9ADD80000-0x00007FF9AE841000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/1988-3-0x000002D9439B0000-0x000002D9439C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1988-4-0x000002D95CB10000-0x000002D95CB4C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/1988-5-0x00007FF9ADD80000-0x00007FF9AE841000-memory.dmp

    Filesize

    10.8MB

    Download