echelon | f1d3b652d8026acb0c7fcd47cd8a86002078a4d5ff752e890de2e320341cee39 | Triage

Submit
Reports

Overview

overview

Static

static

f1d3b652d8...39.exe

windows7-x64

f1d3b652d8...39.exe

windows10-2004-x64

Sharing

General

Target

f1d3b652d8026acb0c7fcd47cd8a86002078a4d5ff752e890de2e320341cee39
Size

659KB
Sample

240122-bfg3radfa2
MD5

92933a0252bc4abf9ed78609672226f6
SHA1

c737bfb1cf71acd63803e3c78c1e1ed4ccda640e
SHA256

f1d3b652d8026acb0c7fcd47cd8a86002078a4d5ff752e890de2e320341cee39
SHA512

9a28da55f116c472d712c57ec2fef6bb80e2779d485d61f66b5176f15e8a8ea9093a572f8df541c1b7b7864d5c3f7cb055663ccb23cb7871689d1ad7c8785a05
SSDEEP

12288:pA03baY4nblrmoQL32ikCaUS4csRBse6sfWmAA:pA03baYabUoy3k94cunZemB

Score

10^/10

echelon spyware stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

f1d3b652d8026acb0c7fcd47cd8a86002078a4d5ff752e890de2e320341cee39.exe

Resource

win7-20231215-en

echelon spyware stealer

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

f1d3b652d8026acb0c7fcd47cd8a86002078a4d5ff752e890de2e320341cee39.exe

Resource

win10v2004-20231215-en

echelon spyware stealer

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Targets

- Target
  
  f1d3b652d8026acb0c7fcd47cd8a86002078a4d5ff752e890de2e320341cee39
- Size
  
  659KB
- MD5
  
  92933a0252bc4abf9ed78609672226f6
- SHA1
  
  c737bfb1cf71acd63803e3c78c1e1ed4ccda640e
- SHA256
  
  f1d3b652d8026acb0c7fcd47cd8a86002078a4d5ff752e890de2e320341cee39
- SHA512
  
  9a28da55f116c472d712c57ec2fef6bb80e2779d485d61f66b5176f15e8a8ea9093a572f8df541c1b7b7864d5c3f7cb055663ccb23cb7871689d1ad7c8785a05
- SSDEEP
  
  12288:pA03baY4nblrmoQL32ikCaUS4csRBse6sfWmAA:pA03baYabUoy3k94cunZemB
Score

10^/10

echelon spyware stealer
- Detects Echelon Stealer payload
- Echelon
  Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.
  stealer spyware echelon
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

echelonspywarestealer

behavioral2

echelonspywarestealer

© 2018-2024

Terms | Privacy