Analysis
-
max time kernel
55s -
max time network
50s -
platform
windows10-2004_x64 -
resource
win10v2004-20240419-en -
resource tags
arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system -
submitted
27-04-2024 01:28
Behavioral task
behavioral1
Sample
84b575b323f2bf336c245c6c29d82a674effe37640a60d52d3fbe3bab26482e7.exe
Resource
win7-20240221-en
windows7-x64
5 signatures
150 seconds
General
-
Target
84b575b323f2bf336c245c6c29d82a674effe37640a60d52d3fbe3bab26482e7.exe
-
Size
581KB
-
MD5
ef058437296cfc61901c367927a3ff4b
-
SHA1
3ad2da48fab1901a345fa1bd66d0de3ed0356346
-
SHA256
84b575b323f2bf336c245c6c29d82a674effe37640a60d52d3fbe3bab26482e7
-
SHA512
6063698b00c5abc241bd95a08807b1e31b4fe3fb75948ec8f036b55fa05c95c7aba8598846fcf78a5423da60ec6f915f6c8d835f900ea0bd384f5505b9a12c81
-
SSDEEP
12288:MiZA7E95GUmdgPp+ryZLJLUf9snBS4csPYae6qfzsAA:gEgryhhUF54clNf7sB
Malware Config
Signatures
-
Detects Echelon Stealer payload 1 IoCs
resource yara_rule behavioral2/memory/772-0-0x000002A7C1670000-0x000002A7C1708000-memory.dmp family_echelon -
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
flow ioc 2 api.ipify.org -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 772 84b575b323f2bf336c245c6c29d82a674effe37640a60d52d3fbe3bab26482e7.exe