General

  • Target

    706fc7ab5c6b9ef616acfd3add700e44

  • Size

    886KB

  • Sample

    240123-yrtx1sgeeq

  • MD5

    706fc7ab5c6b9ef616acfd3add700e44

  • SHA1

    d4cfb9750c6e4a7a44be3710bc94fa0fbb53ccf4

  • SHA256

    1c5975dd72f461fbc184364d27f711642fc693552bb0422477f60020e1139ea9

  • SHA512

    32b6d7947fee7ad02de23bcbf97a8d838934c700bab3cec525fa45e340564a665b00f5212faeec056cdbbd592bc7f6bf2053c6d24bd8be35c134aed82d623012

  • SSDEEP

    24576:2ryfpDG1m7JGVrFoh8I7UFHxW9ugDH3VH/SVTiZsCfonnV:vff7gVrFG8ZHUH/KGG

Malware Config

Targets

    • Echelon

      Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar profile data.

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix (ATT&CK v13)

Tactic                Technique                              ID          Count
Persistence           Boot or Logon Autostart Execution      T1547       1
Persistence           Registry Run Keys / Startup Folder     T1547.001   1
Privilege Escalation  Boot or Logon Autostart Execution      T1547       1
Privilege Escalation  Registry Run Keys / Startup Folder     T1547.001   1
Defense Evasion       Modify Registry                        T1112       1
Credential Access     Unsecured Credentials                  T1552       1
Credential Access     Credentials In Files                   T1552.001   1
Collection            Data from Local System                 T1005       1

Tasks