General
-
Target
8d6ba5b508f3377849eb1aa298000583c66e81ac9304c23ca86d1c8c6e46c458
-
Size
592KB
-
Sample
240531-b2xqbsbe55
-
MD5
4adf2dcdd159d53b5b783534fe72ab9e
-
SHA1
9b06ed6123769b99fb9367162df0de08af72d280
-
SHA256
8d6ba5b508f3377849eb1aa298000583c66e81ac9304c23ca86d1c8c6e46c458
-
SHA512
8056de9abf8a9d9329f0b6e2d324049e6c30770c4073e5cd515a10f73e85ee11c47dda93625cba203d0af633c8be5adffdb289eeb657212e8112ee1d629f6e6c
-
SSDEEP
12288:QPWs8S7TzZLJLUf9snBS4csPYae6qfzIAA:87TzhhUF54clNf7IB
Malware Config
Targets
-
-
Target
8d6ba5b508f3377849eb1aa298000583c66e81ac9304c23ca86d1c8c6e46c458
-
Size
592KB
-
MD5
4adf2dcdd159d53b5b783534fe72ab9e
-
SHA1
9b06ed6123769b99fb9367162df0de08af72d280
-
SHA256
8d6ba5b508f3377849eb1aa298000583c66e81ac9304c23ca86d1c8c6e46c458
-
SHA512
8056de9abf8a9d9329f0b6e2d324049e6c30770c4073e5cd515a10f73e85ee11c47dda93625cba203d0af633c8be5adffdb289eeb657212e8112ee1d629f6e6c
-
SSDEEP
12288:QPWs8S7TzZLJLUf9snBS4csPYae6qfzIAA:87TzhhUF54clNf7IB
Score10/10-
Detects Echelon Stealer payload
-
Echelon
Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-