Behavioral task
behavioral1
Sample
a9cc9231db913f25361ff54855ec7221e72879d2e428befb87a5a6bdffe08de1.exe
Resource
win7-20231215-en
General
-
Target
a9cc9231db913f25361ff54855ec7221e72879d2e428befb87a5a6bdffe08de1
-
Size
657KB
-
MD5
0d466a0fb178aca473b2888b5734287a
-
SHA1
d1cb2e9a2125ff2b90adc09cc17a2c36d2a5d1d7
-
SHA256
a9cc9231db913f25361ff54855ec7221e72879d2e428befb87a5a6bdffe08de1
-
SHA512
653d7a88cff389697bdb363737524a0c0a9eae6742e873d0d1c7a21fb85f46c9e533f2b97fc15bc7c30480e32472d8fbadd7893cc4d2627f0fa762223a90b515
-
SSDEEP
6144:rGjsXpRN4nQ48gSQ/uuCInHLhJI4FY/ixjci6ychf8xalGQGtSV41kJDsTDDpBnO:is5EnpgQL32ikCaUS4csRBse6sfWfAA
Malware Config
Signatures
-
Detects Echelon Stealer payload 1 IoCs
resource yara_rule sample family_echelon -
Echelon family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource a9cc9231db913f25361ff54855ec7221e72879d2e428befb87a5a6bdffe08de1
Files
-
a9cc9231db913f25361ff54855ec7221e72879d2e428befb87a5a6bdffe08de1.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
mscoree
_CorExeMain
Sections
.text Size: 654KB - Virtual size: 653KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ