echelon | a08b92e0ef621c731c9c9a0a38095df4515f95c8200e508d772cf533395bcab4 | Triage

Submit
Reports

Overview

overview

Static

static

a08b92e0ef...b4.exe

windows7-x64

a08b92e0ef...b4.exe

windows10-2004-x64

Sharing

General

Target

a08b92e0ef621c731c9c9a0a38095df4515f95c8200e508d772cf533395bcab4
Size

1.5MB
Sample

240129-bhsx2aegb5
MD5

4dd426b5b9cb7f9bb7a1b1c057a0c951
SHA1

a6f9518d57d3a0fa683fb23842870d25f6b79133
SHA256

a08b92e0ef621c731c9c9a0a38095df4515f95c8200e508d772cf533395bcab4
SHA512

6eaf6ac8186d57dd3a6190fcc556686a9069c776118e4f55ebfb5361cb2b9e317eb7b9c67062f15a93d755ff01bc5563d18fd4453049e7347f16609b32d07d36
SSDEEP

24576:3hAk70TrcnXpatsCu7IfLKZnikPhhUF54clNf7+6uHAW92zt/sWu2BSMCqDoRo:OkQTA5Qw7CSikJo54clgLH+tkWJ0NC

Score

10^/10

echelon zgrat rat spyware stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

a08b92e0ef621c731c9c9a0a38095df4515f95c8200e508d772cf533395bcab4.exe

Resource

win7-20231215-en

echelon zgrat rat spyware stealer

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

a08b92e0ef621c731c9c9a0a38095df4515f95c8200e508d772cf533395bcab4.exe

Resource

win10v2004-20231215-en

echelon spyware stealer

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  a08b92e0ef621c731c9c9a0a38095df4515f95c8200e508d772cf533395bcab4
- Size
  
  1.5MB
- MD5
  
  4dd426b5b9cb7f9bb7a1b1c057a0c951
- SHA1
  
  a6f9518d57d3a0fa683fb23842870d25f6b79133
- SHA256
  
  a08b92e0ef621c731c9c9a0a38095df4515f95c8200e508d772cf533395bcab4
- SHA512
  
  6eaf6ac8186d57dd3a6190fcc556686a9069c776118e4f55ebfb5361cb2b9e317eb7b9c67062f15a93d755ff01bc5563d18fd4453049e7347f16609b32d07d36
- SSDEEP
  
  24576:3hAk70TrcnXpatsCu7IfLKZnikPhhUF54clNf7+6uHAW92zt/sWu2BSMCqDoRo:OkQTA5Qw7CSikJo54clgLH+tkWJ0NC
Score

10^/10

echelon zgrat rat spyware stealer
- Detect ZGRat V1
- Detects Echelon Stealer payload
- Echelon
  Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.
  stealer spyware echelon
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

echelonzgratratspywarestealer

behavioral2

echelonspywarestealer

© 2018-2024

Terms | Privacy