General
-
Target
819b5fb73253e7d3f28317e55d8abe50_JaffaCakes118
-
Size
3.0MB
-
Sample
240402-dc1rssee71
-
MD5
819b5fb73253e7d3f28317e55d8abe50
-
SHA1
7cf2d9e29f7920fbae1ef3b85de9acdf3a4aca92
-
SHA256
d74b85d646feda822c37e75a040d6f78c5bb77a2bff573cd1b979a6cee24e14a
-
SHA512
fd1a72f47c123db28581c4dd38dfe8a2beddee7d48bde58c73095b78e3d786af17313178655e61764a8fd60f64c99877e450d1d8cef5499d1addc89cacfde78d
-
SSDEEP
49152:sU4hts+ogRQExtgK2NQaovxFiTMboJz75izELu2JuqlVu222lgqvsAMLoTAeGaVU:ghtxoiQQacxLbQz75xTVu2YEAxax
Malware Config
Targets
-
-
Target
819b5fb73253e7d3f28317e55d8abe50_JaffaCakes118
-
Size
3.0MB
-
MD5
819b5fb73253e7d3f28317e55d8abe50
-
SHA1
7cf2d9e29f7920fbae1ef3b85de9acdf3a4aca92
-
SHA256
d74b85d646feda822c37e75a040d6f78c5bb77a2bff573cd1b979a6cee24e14a
-
SHA512
fd1a72f47c123db28581c4dd38dfe8a2beddee7d48bde58c73095b78e3d786af17313178655e61764a8fd60f64c99877e450d1d8cef5499d1addc89cacfde78d
-
SSDEEP
49152:sU4hts+ogRQExtgK2NQaovxFiTMboJz75izELu2JuqlVu222lgqvsAMLoTAeGaVU:ghtxoiQQacxLbQz75xTVu2YEAxax
Score10/10-
Echelon
Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-