Behavioral task
behavioral1
Sample
057033912ac6910cf4be03cc32bc326ea72ab688e1993a359749307f96cdaf9f.exe
Resource
win7-20240221-en
General
-
Target
057033912ac6910cf4be03cc32bc326ea72ab688e1993a359749307f96cdaf9f
-
Size
1.2MB
-
MD5
2c6c48bbc07c028e0995bad4b48d1198
-
SHA1
cd96c7a0f47657652cccb306a260bd7d5acabc43
-
SHA256
057033912ac6910cf4be03cc32bc326ea72ab688e1993a359749307f96cdaf9f
-
SHA512
fec6221009cdc7c9d076e85596be4a5bc268fa2b4663862faa4d25744abc5080964bfe644da99b5b2d7727b8260baddeb4807090e3c199724ec6f7e026436265
-
SSDEEP
24576:FpY28mQFgAyyOf39yo0pqdCLA5hVogMYgdk4ZYsl80+vVqmX:8mQqAydf39V0pqcLANSY7qTkz
Malware Config
Signatures
-
Detects Echelon Stealer payload 1 IoCs
resource yara_rule sample family_echelon -
Echelon family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 057033912ac6910cf4be03cc32bc326ea72ab688e1993a359749307f96cdaf9f
Files
-
057033912ac6910cf4be03cc32bc326ea72ab688e1993a359749307f96cdaf9f.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
mscoree
_CorExeMain
Sections
.text Size: - Virtual size: 578KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.S', Size: - Virtual size: 735KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.fM. Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.(M$ Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ