echelon | 372af6a973a811ce7a33818c0b2dbf2f619916bcc8b804a2319ce49368c53c7a | Triage

Submit
Reports

Overview

overview

Static

static

372af6a973...7a.exe

windows7-x64

372af6a973...7a.exe

windows10-2004-x64

Sharing

General

Target

372af6a973a811ce7a33818c0b2dbf2f619916bcc8b804a2319ce49368c53c7a
Size

656KB
Sample

240122-bhvrmadbfp
MD5

696406fd9d9ac1e30f2b40f6cb604c79
SHA1

99e6e63f6fddfd03a8fd761f073e651567dde0f9
SHA256

372af6a973a811ce7a33818c0b2dbf2f619916bcc8b804a2319ce49368c53c7a
SHA512

fbe1d63c3b0112d286df126aa3e32f5b97029e7cd34c161f53df229481d70e34086433c8599d6423d625bc9bc0517bcffae5bdf9a51652249d02c619698cfec5
SSDEEP

6144:kjsXCtcnQ48gSQ/muCInHLhJI4FY/ixjci6ychf8xalGQGtSV41kJDsTDDpBnsej:EsyKnp4QL32ikCaUS4csRBse6sfWgAA

Score

10^/10

echelon discovery spyware stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

372af6a973a811ce7a33818c0b2dbf2f619916bcc8b804a2319ce49368c53c7a.exe

Resource

win7-20231215-en

echelon spyware stealer

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

372af6a973a811ce7a33818c0b2dbf2f619916bcc8b804a2319ce49368c53c7a.exe

Resource

win10v2004-20231215-en

echelon discovery spyware stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  372af6a973a811ce7a33818c0b2dbf2f619916bcc8b804a2319ce49368c53c7a
- Size
  
  656KB
- MD5
  
  696406fd9d9ac1e30f2b40f6cb604c79
- SHA1
  
  99e6e63f6fddfd03a8fd761f073e651567dde0f9
- SHA256
  
  372af6a973a811ce7a33818c0b2dbf2f619916bcc8b804a2319ce49368c53c7a
- SHA512
  
  fbe1d63c3b0112d286df126aa3e32f5b97029e7cd34c161f53df229481d70e34086433c8599d6423d625bc9bc0517bcffae5bdf9a51652249d02c619698cfec5
- SSDEEP
  
  6144:kjsXCtcnQ48gSQ/muCInHLhJI4FY/ixjci6ychf8xalGQGtSV41kJDsTDDpBnsej:EsyKnp4QL32ikCaUS4csRBse6sfWgAA
Score

10^/10

echelon spyware stealer discovery
- Detects Echelon Stealer payload
- Echelon
  Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.
  stealer spyware echelon
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

echelonspywarestealer

behavioral2

echelondiscoveryspywarestealer

© 2018-2024

Terms | Privacy