echelon | a339a377abbfb9c0ee85652901cc67b3 | Triage

Sharing

General

Target

a339a377abbfb9c0ee85652901cc67b3
Size

1.0MB
MD5

a339a377abbfb9c0ee85652901cc67b3
SHA1

cbafbcefd502b16d4661a2da17fc6d04b34ee0cb
SHA256

0a0a341eb3849788273e62d2acd28de82942f01396c7543f85a5b8a8420e0c44
SHA512

a43ae5d6cf03c96ae757bdb97521562c64e7248d73791ecfae1498df4e9b7401d359bba5e56a3ba2c16cc0e6f30cfc6b9c421667353cb4677b98977c0082282d
SSDEEP

24576:JjE5gAVhhUF54clNf7+6uHAW92zt/sWu2BSMCqDoR4E:go54clgLH+tkWJ0Nj

Score

10^/10

echelon

Malware Config

Signatures

Detects Echelon Stealer payload 1 IoCs

Processes:

resource yara_rule

sample family_echelon
Echelon family
echelon
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

a339a377abbfb9c0ee85652901cc67b3

Files

a339a377abbfb9c0ee85652901cc67b3
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\1\Desktop\source code\Elechon Stealer[modded by CoderVir] Update[2]\obj\x64\Release\CoderVir Stealer Love Lolz.guru.pdb

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ