echelon | 559352e3fce2411d57970e4376f4e6e987ff8632b3f132a229cedbbebabd02ff | Triage

Submit
Reports

Overview

overview

Static

static

559352e3fc...ff.exe

windows7-x64

559352e3fc...ff.exe

windows10-2004-x64

Sharing

General

Target

559352e3fce2411d57970e4376f4e6e987ff8632b3f132a229cedbbebabd02ff
Size

659KB
Sample

240122-bfhdhsdbam
MD5

bd96a846220050b86645baf604f0d55f
SHA1

994293b8fed3bc6252be130bb6062078e2a43a1b
SHA256

559352e3fce2411d57970e4376f4e6e987ff8632b3f132a229cedbbebabd02ff
SHA512

2c673ede537c16aed303fc9a290656691fc46ce6b955675b4045a913ba14e37d37ee5bb8b284fd43cb366b396ad9ad496b302b13cdd43968a2eb0002a629a911
SSDEEP

12288:2A03baYRBhlrf6QL32ikCaUS4csRBse6sfWpAA:2A03baY3hh6y3k94cunZepB

Score

10^/10

echelon spyware stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

559352e3fce2411d57970e4376f4e6e987ff8632b3f132a229cedbbebabd02ff.exe

Resource

win7-20231215-en

echelon spyware stealer

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

559352e3fce2411d57970e4376f4e6e987ff8632b3f132a229cedbbebabd02ff.exe

Resource

win10v2004-20231215-en

echelon spyware stealer

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Targets

- Target
  
  559352e3fce2411d57970e4376f4e6e987ff8632b3f132a229cedbbebabd02ff
- Size
  
  659KB
- MD5
  
  bd96a846220050b86645baf604f0d55f
- SHA1
  
  994293b8fed3bc6252be130bb6062078e2a43a1b
- SHA256
  
  559352e3fce2411d57970e4376f4e6e987ff8632b3f132a229cedbbebabd02ff
- SHA512
  
  2c673ede537c16aed303fc9a290656691fc46ce6b955675b4045a913ba14e37d37ee5bb8b284fd43cb366b396ad9ad496b302b13cdd43968a2eb0002a629a911
- SSDEEP
  
  12288:2A03baYRBhlrf6QL32ikCaUS4csRBse6sfWpAA:2A03baY3hh6y3k94cunZepB
Score

10^/10

echelon spyware stealer
- Detects Echelon Stealer payload
- Echelon
  Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.
  stealer spyware echelon
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

echelonspywarestealer

behavioral2

echelonspywarestealer

© 2018-2024

Terms | Privacy