Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240221-en -
resource tags
-
submitted
23-02-2024 01:17
General
-
Target
92abc5fb670d51a9849ced859df8a6c575c4ade9cae0ac0e8f1e8b6609a4df03.exe
-
Size
581KB
-
MD5
39ef64bc04e13d8e12286cdcacafec06
-
SHA1
7c7f68bf0d24a6cd8811be401a247ab27963fb81
-
SHA256
92abc5fb670d51a9849ced859df8a6c575c4ade9cae0ac0e8f1e8b6609a4df03
-
SHA512
438d4a91b2a15aa05a66400f61351be74e0ed1489da2b5d042f567c07ab04fb6185af30bfd109b06a27d1a6568228e8053be489919c9fa539b920b28ef1654b1
-
SSDEEP
12288:BctvPYVlNWEZkVlF9ZLJLUf9snBS4csPYae6qfzNAA:ys29hhUF54clNf7NB
Score
10/10
Malware Config
Signatures
-
Detects Echelon Stealer payload 1 IoCs
-
Echelon
Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.
-
Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\92abc5fb670d51a9849ced859df8a6c575c4ade9cae0ac0e8f1e8b6609a4df03.exe"C:\Users\Admin\AppData\Local\Temp\92abc5fb670d51a9849ced859df8a6c575c4ade9cae0ac0e8f1e8b6609a4df03.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2876-0-0x0000027549550000-0x00000275495E8000-memory.dmpFilesize
608KB
-
memory/2876-1-0x00007FFE2FBE0000-0x00007FFE306A1000-memory.dmpFilesize
10.8MB
-
memory/2876-2-0x0000027563C00000-0x0000027563C10000-memory.dmpFilesize
64KB
-
memory/2876-3-0x00007FFE2FBE0000-0x00007FFE306A1000-memory.dmpFilesize
10.8MB