C:\Users\Evil\Desktop\Echelon Stealer[modded by CoderVir] Update[2]\Elechon Stealer[modded by CoderVir] Update[2]\obj\x64\Release\CoderVir Stealer Love Lolz.guru.pdb
Behavioral task
behavioral1
Sample
d6ca1276e7b7d3cb2b80c923344d224c.exe
Resource
win7-20240221-en
General
-
Target
d6ca1276e7b7d3cb2b80c923344d224c
-
Size
1.0MB
-
MD5
d6ca1276e7b7d3cb2b80c923344d224c
-
SHA1
aba6992aff5b194d04b003bfeeca7bb4ff7c94e3
-
SHA256
c3a19079975435934b29b6240b39aea2c5695657cbec4d5e27d862edf1c61c7a
-
SHA512
727ef205904c12df9b4b85323f54913f07fde65f4cd715ecdb6345ba65fd6be0b0b95e89759036f9a0c90ba4c17616c25707996f0aed93d57970c84b240056e5
-
SSDEEP
24576:tjE5uYGhhUF54clNf7+6uHAW92zt/sWu2BSMCqDoRyE:1o54clgLH+tkWJ0N9
Malware Config
Signatures
-
Detects Echelon Stealer payload 1 IoCs
resource yara_rule sample family_echelon -
Echelon family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource d6ca1276e7b7d3cb2b80c923344d224c
Files
-
d6ca1276e7b7d3cb2b80c923344d224c.exe windows:4 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Sections
.text Size: 1.0MB - Virtual size: 1.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ