echelon | d6ca1276e7b7d3cb2b80c923344d224c | Triage

Sharing

General

Target

d6ca1276e7b7d3cb2b80c923344d224c
Size

1.0MB
MD5

d6ca1276e7b7d3cb2b80c923344d224c
SHA1

aba6992aff5b194d04b003bfeeca7bb4ff7c94e3
SHA256

c3a19079975435934b29b6240b39aea2c5695657cbec4d5e27d862edf1c61c7a
SHA512

727ef205904c12df9b4b85323f54913f07fde65f4cd715ecdb6345ba65fd6be0b0b95e89759036f9a0c90ba4c17616c25707996f0aed93d57970c84b240056e5
SSDEEP

24576:tjE5uYGhhUF54clNf7+6uHAW92zt/sWu2BSMCqDoRyE:1o54clgLH+tkWJ0N9

Score

10^/10

echelon

Malware Config

Signatures

Detects Echelon Stealer payload 1 IoCs

Processes:

resource yara_rule

sample family_echelon
Echelon family
echelon
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

d6ca1276e7b7d3cb2b80c923344d224c

Files

d6ca1276e7b7d3cb2b80c923344d224c
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Evil\Desktop\Echelon Stealer[modded by CoderVir] Update[2]\Elechon Stealer[modded by CoderVir] Update[2]\obj\x64\Release\CoderVir Stealer Love Lolz.guru.pdb

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ