General
-
Target
c05f5e7e1a4b7bd31fc0264e5c4a2311f8c0e90bf5744ab6f40ed586d3764c90
-
Size
581KB
-
Sample
240208-blm6ysdddm
-
MD5
50ed9303ba7994498c77254088f9596b
-
SHA1
7a845ef4bd8a42df6f50c14686c82ab1ecd3bb46
-
SHA256
c05f5e7e1a4b7bd31fc0264e5c4a2311f8c0e90bf5744ab6f40ed586d3764c90
-
SHA512
e57c796d95f691a4b364b7904d335bf3a4d63a3e53610577b24588e8aa97d4cfac9a6e39543fc5d401d930d233675b05ea89f43218ac4895e8a9f30849836433
-
SSDEEP
12288:Hrs21BscZLJLUf9snBS4csPYae6qfz8AA:p16chhUF54clNf78B
Malware Config
Targets
-
-
Target
c05f5e7e1a4b7bd31fc0264e5c4a2311f8c0e90bf5744ab6f40ed586d3764c90
-
Size
581KB
-
MD5
50ed9303ba7994498c77254088f9596b
-
SHA1
7a845ef4bd8a42df6f50c14686c82ab1ecd3bb46
-
SHA256
c05f5e7e1a4b7bd31fc0264e5c4a2311f8c0e90bf5744ab6f40ed586d3764c90
-
SHA512
e57c796d95f691a4b364b7904d335bf3a4d63a3e53610577b24588e8aa97d4cfac9a6e39543fc5d401d930d233675b05ea89f43218ac4895e8a9f30849836433
-
SSDEEP
12288:Hrs21BscZLJLUf9snBS4csPYae6qfz8AA:p16chhUF54clNf78B
Score10/10-
Detects Echelon Stealer payload
-
Echelon
Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-