General

  • Target

    a28fd758885394005a0420a25cbdf4b3b2de0839908c2854fd9a8b1a2d672a64

  • Size

    1.0MB

  • Sample

    240315-ch5r9sfh86

  • MD5

    930e7562f89df014ef1b057dd1fa4bde

  • SHA1

    62afddf1478753828c9910e5d1f1b565ab6761c7

  • SHA256

    a28fd758885394005a0420a25cbdf4b3b2de0839908c2854fd9a8b1a2d672a64

  • SHA512

    6c99d12963639c18398839d9bdb8133d12568c188d01b0e74c859e11d9cb0531352fac29fff437ea02cfc12cfa4ff6f780a013c68dfe373f40d3c936787acb6a

  • SSDEEP

    24576:kdJmFfqOqugtNDFQcLaBRyhhUF54clNf7/I:kqFyugzXho54cl

Targets

    • Detects Echelon Stealer payload

    • Echelon

      Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
