echelon | b5943edb5bc6de1fdcee0d555aafb3fcc2e6cdaaec8a5415caaada2328501e83 | Triage

Submit
Reports

Overview

overview

Static

static

76fad3569c...46.exe

windows7-x64

76fad3569c...46.exe

windows10-2004-x64

Sharing

General

Target

76fad3569cffe8e8d91bf06b545ec346
Size

1.5MB
Sample

240126-lb5y5abhaj
MD5

76fad3569cffe8e8d91bf06b545ec346
SHA1

1b5bf0f630c9c354d80caccf3e4a18342450197a
SHA256

b5943edb5bc6de1fdcee0d555aafb3fcc2e6cdaaec8a5415caaada2328501e83
SHA512

75ab8c69cb6a5b55656341cce8eaf654fd3a37b6b2e2ea48f1cafe4a8baf6efbca51c9bebc310564f60393cb56efa5f3a9176b1a6a1f6a1b0634e371b639424d
SSDEEP

24576:Fo8k70TrcnXpatsCu7IfLKZnikPhhUF54clNf7+6uHAW92zt/sWu2BSMCqDoRRD:Fo8kQTA5Qw7CSikJo54clgLH+tkWJ0N7

Score

10^/10

echelon zgrat rat spyware stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

76fad3569cffe8e8d91bf06b545ec346.exe

Resource

win7-20231215-en

echelon zgrat rat spyware stealer

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

76fad3569cffe8e8d91bf06b545ec346.exe

Resource

win10v2004-20231215-en

echelon spyware stealer

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  76fad3569cffe8e8d91bf06b545ec346
- Size
  
  1.5MB
- MD5
  
  76fad3569cffe8e8d91bf06b545ec346
- SHA1
  
  1b5bf0f630c9c354d80caccf3e4a18342450197a
- SHA256
  
  b5943edb5bc6de1fdcee0d555aafb3fcc2e6cdaaec8a5415caaada2328501e83
- SHA512
  
  75ab8c69cb6a5b55656341cce8eaf654fd3a37b6b2e2ea48f1cafe4a8baf6efbca51c9bebc310564f60393cb56efa5f3a9176b1a6a1f6a1b0634e371b639424d
- SSDEEP
  
  24576:Fo8k70TrcnXpatsCu7IfLKZnikPhhUF54clNf7+6uHAW92zt/sWu2BSMCqDoRRD:Fo8kQTA5Qw7CSikJo54clgLH+tkWJ0N7
Score

10^/10

echelon zgrat rat spyware stealer
- Detect ZGRat V1
- Detects Echelon Stealer payload
- Echelon
  Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.
  stealer spyware echelon
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

echelonzgratratspywarestealer

behavioral2

echelonspywarestealer

© 2018-2024

Terms | Privacy