Analysis
-
max time kernel
55s -
max time network
50s -
platform
windows10-2004_x64 -
resource
win10v2004-20240419-en -
resource tags
-
submitted
27-04-2024 01:28
General
-
Target
84b575b323f2bf336c245c6c29d82a674effe37640a60d52d3fbe3bab26482e7.exe
-
Size
581KB
-
MD5
ef058437296cfc61901c367927a3ff4b
-
SHA1
3ad2da48fab1901a345fa1bd66d0de3ed0356346
-
SHA256
84b575b323f2bf336c245c6c29d82a674effe37640a60d52d3fbe3bab26482e7
-
SHA512
6063698b00c5abc241bd95a08807b1e31b4fe3fb75948ec8f036b55fa05c95c7aba8598846fcf78a5423da60ec6f915f6c8d835f900ea0bd384f5505b9a12c81
-
SSDEEP
12288:MiZA7E95GUmdgPp+ryZLJLUf9snBS4csPYae6qfzsAA:gEgryhhUF54clNf7sB
Score
10/10
Malware Config
Signatures
-
Detects Echelon Stealer payload 1 IoCs
-
Echelon
Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\84b575b323f2bf336c245c6c29d82a674effe37640a60d52d3fbe3bab26482e7.exe"C:\Users\Admin\AppData\Local\Temp\84b575b323f2bf336c245c6c29d82a674effe37640a60d52d3fbe3bab26482e7.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
608KB
-
Filesize
10.8MB
-
Filesize
64KB
-
Filesize
10.8MB