Analysis
max time kernel: 121s
max time network: 124s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 23-02-2024 01:42
Behavioral task: behavioral1
Sample: 057033912ac6910cf4be03cc32bc326ea72ab688e1993a359749307f96cdaf9f.exe
Resource: win7-20240221-en, windows7-x64
3 signatures
150 seconds
General
Target: 057033912ac6910cf4be03cc32bc326ea72ab688e1993a359749307f96cdaf9f.exe
Size: 1.2MB
MD5: 2c6c48bbc07c028e0995bad4b48d1198
SHA1: cd96c7a0f47657652cccb306a260bd7d5acabc43
SHA256: 057033912ac6910cf4be03cc32bc326ea72ab688e1993a359749307f96cdaf9f
SHA512: fec6221009cdc7c9d076e85596be4a5bc268fa2b4663862faa4d25744abc5080964bfe644da99b5b2d7727b8260baddeb4807090e3c199724ec6f7e026436265
SSDEEP: 24576:FpY28mQFgAyyOf39yo0pqdCLA5hVogMYgdk4ZYsl80+vVqmX:8mQqAydf39V0pqcLANSY7qTkz
Malware Config
Signatures
Detects Echelon Stealer payload (1 IoCs)
Processes:
resource    yara_rule
behavioral1/memory/2352-0-0x00000000001C0000-0x0000000000448000-memory.dmp    family_echelon
Suspicious use of NtSetInformationThreadHideFromDebugger (1 IoCs)
Processes:
057033912ac6910cf4be03cc32bc326ea72ab688e1993a359749307f96cdaf9f.exe
pid    Process
2352    057033912ac6910cf4be03cc32bc326ea72ab688e1993a359749307f96cdaf9f.exe