echelon | 97880ddd0dd524ff9c3bc68832b2db68c26619c7e923c4cf697b05cdac0b0e7e | Triage

Sharing

General

Target

fb42a4d9e7a418782eacac2efeeb9acb_JaffaCakes118
Size

1.0MB
Sample

240419-1xlvpshe3z
MD5

fb42a4d9e7a418782eacac2efeeb9acb
SHA1

cc5a54f5b8cc11ebc3f45f1d734d2f5fa821e77a
SHA256

97880ddd0dd524ff9c3bc68832b2db68c26619c7e923c4cf697b05cdac0b0e7e
SHA512

063b3d9f0f9cd0d56eff2dc2c2504c3ac51a57cfbd75ee2b901508b48e9a0f61b3ef4a20fffd13376a31006644fa76f9640306f57a76d2446ca56584bad95180
SSDEEP

24576:tfQYosxhhUF54clNf7+6uHAW92zt/sWu2BSMCqDoRt+Gn:To54clgLH+tkWJ0Nb

Score

10^/10

echelon spyware stealer

Malware Config

Targets

- Target
  
  fb42a4d9e7a418782eacac2efeeb9acb_JaffaCakes118
- Size
  
  1.0MB
- MD5
  
  fb42a4d9e7a418782eacac2efeeb9acb
- SHA1
  
  cc5a54f5b8cc11ebc3f45f1d734d2f5fa821e77a
- SHA256
  
  97880ddd0dd524ff9c3bc68832b2db68c26619c7e923c4cf697b05cdac0b0e7e
- SHA512
  
  063b3d9f0f9cd0d56eff2dc2c2504c3ac51a57cfbd75ee2b901508b48e9a0f61b3ef4a20fffd13376a31006644fa76f9640306f57a76d2446ca56584bad95180
- SSDEEP
  
  24576:tfQYosxhhUF54clNf7+6uHAW92zt/sWu2BSMCqDoRt+Gn:To54clgLH+tkWJ0Nb
Score

10^/10

echelon spyware stealer
- Echelon
  Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.
  stealer spyware echelon
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

echelonspywarestealer