Analysis
max time kernel
98s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags
arch:x64, arch:x86, image:win10v2004-20240221-en, locale:en-us, os:windows10-2004-x64, system
submitted
23-02-2024 01:42
Behavioral task
behavioral1
Sample
057033912ac6910cf4be03cc32bc326ea72ab688e1993a359749307f96cdaf9f.exe
Resource
win7-20240221-en
windows7-x64
3 signatures
150 seconds
General
Target
057033912ac6910cf4be03cc32bc326ea72ab688e1993a359749307f96cdaf9f.exe
Size
1.2MB
MD5
2c6c48bbc07c028e0995bad4b48d1198
SHA1
cd96c7a0f47657652cccb306a260bd7d5acabc43
SHA256
057033912ac6910cf4be03cc32bc326ea72ab688e1993a359749307f96cdaf9f
SHA512
fec6221009cdc7c9d076e85596be4a5bc268fa2b4663862faa4d25744abc5080964bfe644da99b5b2d7727b8260baddeb4807090e3c199724ec6f7e026436265
SSDEEP
24576:FpY28mQFgAyyOf39yo0pqdCLA5hVogMYgdk4ZYsl80+vVqmX:8mQqAydf39V0pqcLANSY7qTkz
Malware Config
Signatures
Detects Echelon Stealer payload 2 IoCs
Processes:
resource yara_rule
behavioral2/memory/4304-0-0x0000023F03C60000-0x0000023F03EE8000-memory.dmp family_echelon
behavioral2/memory/4304-3-0x0000023F1E5D0000-0x0000023F1E5E0000-memory.dmp family_echelon
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
Processes:
057033912ac6910cf4be03cc32bc326ea72ab688e1993a359749307f96cdaf9f.exe
pid process
4304 057033912ac6910cf4be03cc32bc326ea72ab688e1993a359749307f96cdaf9f.exe