General

  • Target

    a595e1cc3c5290e7ecb3ad3a38f1a2794841f4884aae649aaf76da86b5e719c5

  • Size

    592KB

  • Sample

    240512-bsw3fahh8t

  • MD5

    3c61bbe303455f65105343eb704427f7

  • SHA1

    cc26191729c29800dad8f60621f4a3ec98ccd989

  • SHA256

    a595e1cc3c5290e7ecb3ad3a38f1a2794841f4884aae649aaf76da86b5e719c5

  • SHA512

    0c44c3e0e7fac188316e1331521fa8196302abd842c55e412bdce97619d145bcf97f9d72208d4c94c39abce35bbb05fb18f8a044898fc3ad37af6048192c3129

  • SSDEEP

    12288:dDa2QVOu+ZLJLUf9snBS4csPYae6qfzmAA:SOu+hhUF54clNf7mB

Malware Config

Targets

    • Target

      a595e1cc3c5290e7ecb3ad3a38f1a2794841f4884aae649aaf76da86b5e719c5

    • Size

      592KB

    • MD5

      3c61bbe303455f65105343eb704427f7

    • SHA1

      cc26191729c29800dad8f60621f4a3ec98ccd989

    • SHA256

      a595e1cc3c5290e7ecb3ad3a38f1a2794841f4884aae649aaf76da86b5e719c5

    • SHA512

      0c44c3e0e7fac188316e1331521fa8196302abd842c55e412bdce97619d145bcf97f9d72208d4c94c39abce35bbb05fb18f8a044898fc3ad37af6048192c3129

    • SSDEEP

      12288:dDa2QVOu+ZLJLUf9snBS4csPYae6qfzmAA:SOu+hhUF54clNf7mB

    • Detects Echelon Stealer payload

    • Echelon

      Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks