General
-
Target
13ef7e3685c4a648b92825ff7bde600e7c2efa2aff0699c8f4cbd06b5225f313
-
Size
1.8MB
-
Sample
240305-b88q6sbg63
-
MD5
033c1ee70bcc0d569f4a8077f0cbfe38
-
SHA1
34e498158fa012052d4785a8de59159b6a0e4649
-
SHA256
13ef7e3685c4a648b92825ff7bde600e7c2efa2aff0699c8f4cbd06b5225f313
-
SHA512
36fe82804eaf16f9e669abb895b0a2687db98c42da78f805ab053e518c17211a3a4f305c4f8ec296525f2cbd4e76b028a1aed7a4b304e128439a3343228948b2
-
SSDEEP
24576:v2G/nvxW3WwXdptGjLB46VvbuhZUTd8hhUF54clNf7+6uHAW92zt/sWu2BSMCqD7:vbA3Zz+bKo54clgLH+tkWJ0N8X
Malware Config
Targets
-
-
Target
13ef7e3685c4a648b92825ff7bde600e7c2efa2aff0699c8f4cbd06b5225f313
-
Size
1.8MB
-
MD5
033c1ee70bcc0d569f4a8077f0cbfe38
-
SHA1
34e498158fa012052d4785a8de59159b6a0e4649
-
SHA256
13ef7e3685c4a648b92825ff7bde600e7c2efa2aff0699c8f4cbd06b5225f313
-
SHA512
36fe82804eaf16f9e669abb895b0a2687db98c42da78f805ab053e518c17211a3a4f305c4f8ec296525f2cbd4e76b028a1aed7a4b304e128439a3343228948b2
-
SSDEEP
24576:v2G/nvxW3WwXdptGjLB46VvbuhZUTd8hhUF54clNf7+6uHAW92zt/sWu2BSMCqD7:vbA3Zz+bKo54clgLH+tkWJ0N8X
Score10/10-
Detects Echelon Stealer payload
-
Echelon
Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-