Behavioral task
behavioral1
Sample
057033912ac6910cf4be03cc32bc326ea72ab688e1993a359749307f96cdaf9f.exe
Resource
win7-20240221-en
General
-
Target
057033912ac6910cf4be03cc32bc326ea72ab688e1993a359749307f96cdaf9f
-
Size
1.2MB
-
MD5
2c6c48bbc07c028e0995bad4b48d1198
-
SHA1
cd96c7a0f47657652cccb306a260bd7d5acabc43
-
SHA256
057033912ac6910cf4be03cc32bc326ea72ab688e1993a359749307f96cdaf9f
-
SHA512
fec6221009cdc7c9d076e85596be4a5bc268fa2b4663862faa4d25744abc5080964bfe644da99b5b2d7727b8260baddeb4807090e3c199724ec6f7e026436265
-
SSDEEP
24576:FpY28mQFgAyyOf39yo0pqdCLA5hVogMYgdk4ZYsl80+vVqmX:8mQqAydf39V0pqcLANSY7qTkz
Malware Config
Signatures
-
Detects Echelon Stealer payload 1 IoCs
Processes:
resource: sample
yara_rule: family_echelon
-
Echelon family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 057033912ac6910cf4be03cc32bc326ea72ab688e1993a359749307f96cdaf9f
Files
-
057033912ac6910cf4be03cc32bc326ea72ab688e1993a359749307f96cdaf9f.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
mscoree
_CorExeMain
Sections
.text Size: - Virtual size: 578KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.S', Size: - Virtual size: 735KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.fM. Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.(M$ Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ