Behavioral task
behavioral1
Sample
262540bd67d01a52f4da9d01c2291c09b8547074aed875e5928df271da782893.exe
Resource
win7-20240221-en
General
-
Target
262540bd67d01a52f4da9d01c2291c09b8547074aed875e5928df271da782893
-
Size
1.1MB
-
MD5
fa5eb8fed006a2021e3166aa98840dbc
-
SHA1
1f4ed48d2d15eb7f8020cdf8f85fa4afe4d3cd40
-
SHA256
262540bd67d01a52f4da9d01c2291c09b8547074aed875e5928df271da782893
-
SHA512
0b8346723df23d96f8d7852eda94398b92c6c6dbc6f1ad40dbd16ad10d991975b958643b53e0722f83a088b4125c6d3e80ce143fc3d3f4236f2a3ae16bf4b76c
-
SSDEEP
12288:4flnY3KLykUX8rsfq4ZqugtyIPDFQk1cWGGJ7jZLJLUf9snBS4csPYae6qfz4uNa:4dqfqOqugtNDFQAjhhUF54clNf77BM
Malware Config
Signatures
-
Detects Echelon Stealer payload 1 IoCs
Processes:
resource: sample
yara_rule: family_echelon
Echelon family
-
Processes:
resource: sample
yara_rule: vmprotect
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 262540bd67d01a52f4da9d01c2291c09b8547074aed875e5928df271da782893
Files
-
262540bd67d01a52f4da9d01c2291c09b8547074aed875e5928df271da782893.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: - Virtual size: 570KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp0 Size: - Virtual size: 159KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: 1.0MB - Virtual size: 1.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ