General
-
Target
8793455ff0b8e1ba86950146f3b38eb2f40dd9f31509e51b4179d188469df05d
-
Size
581KB
-
Sample
240219-bm5gmagd2w
-
MD5
4c3eab225aabc7e675e5ca16056aa5dd
-
SHA1
3c28f07eba4a7163e1be5e9e2e0e4fba595832ea
-
SHA256
8793455ff0b8e1ba86950146f3b38eb2f40dd9f31509e51b4179d188469df05d
-
SHA512
604eb2047921dc92c5b8203847e9b3e7b4fa269a865cc3f2ca49aea388984ea54388f569563a2a1879c07a1c14de39ce368b09d484b5305454ceda8f64d099d5
-
SSDEEP
12288:zu5kjMFW/Yq9a7p8HRZLJLUf9snBS4csPYae6qfzYAA:9cwHRhhUF54clNf7YB
Malware Config
Targets
-
-
Target
8793455ff0b8e1ba86950146f3b38eb2f40dd9f31509e51b4179d188469df05d
-
Size
581KB
-
MD5
4c3eab225aabc7e675e5ca16056aa5dd
-
SHA1
3c28f07eba4a7163e1be5e9e2e0e4fba595832ea
-
SHA256
8793455ff0b8e1ba86950146f3b38eb2f40dd9f31509e51b4179d188469df05d
-
SHA512
604eb2047921dc92c5b8203847e9b3e7b4fa269a865cc3f2ca49aea388984ea54388f569563a2a1879c07a1c14de39ce368b09d484b5305454ceda8f64d099d5
-
SSDEEP
12288:zu5kjMFW/Yq9a7p8HRZLJLUf9snBS4csPYae6qfzYAA:9cwHRhhUF54clNf7YB
Score10/10-
Detects Echelon Stealer payload
-
Echelon
Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-