Analysis
-
max time kernel
141s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system -
submitted
22-01-2024 01:13
Behavioral task
behavioral1
Sample
b9bd8fe0b33b5937c740db9992833a7262d073d8cf3ec4c32901a57ed918b12b.exe
Resource
win7-20231215-en
windows7-x64
6 signatures
150 seconds
General
-
Target
b9bd8fe0b33b5937c740db9992833a7262d073d8cf3ec4c32901a57ed918b12b.exe
-
Size
653KB
-
MD5
2f24dee681ff1eb62a5d7b2698aaf5ca
-
SHA1
e3d687669640208a6c1d3c2c1f5c80debdf392c6
-
SHA256
b9bd8fe0b33b5937c740db9992833a7262d073d8cf3ec4c32901a57ed918b12b
-
SHA512
20c3b334ee470613b3c5c53682720314ebc74bae74a1c5e2776ce39c23a0c81a7b71c296eccdd7663e1bae0d1a54c32b4e87bd6ee6a47b08f5d653d6641ebc84
-
SSDEEP
12288:JT4on1TyxGQL32ikCaUS4csRBse6sfWiAA:JT42T7y3k94cunZeiB
Malware Config
Signatures
-
Detects Echelon Stealer payload 1 IoCs
resource yara_rule behavioral2/memory/224-0-0x0000018DDBC70000-0x0000018DDBD1A000-memory.dmp family_echelon -
Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
flow ioc 7 api.ipify.org 8 api.ipify.org -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 224 b9bd8fe0b33b5937c740db9992833a7262d073d8cf3ec4c32901a57ed918b12b.exe