General

  • Target

    EchoBeta.exe

  • Size

    12.9MB

  • Sample

    240619-rpfjaawgll

  • MD5

    29d571adb0331e617837a2b15351ede4

  • SHA1

    2b51b7b6ad6d206e557c38b46458e88204ba6d42

  • SHA256

    d40a6467192562bae1ec861ac80e02d762ba67568c7b05ad3f2b6c6d4e6d5c6a

  • SHA512

    2ba7ea412532d32a822fc78fe492e9501d5bad90b997a1aced43d1703fa8fd80d034419a4f3e55ed5297b63a0ead58fca911127a2ecb1fa9a2ee5b53b40162c2

  • SSDEEP

    393216:FEk0iU1+TtIiFRCuARuAEFXmbQreEjGumyM06CH:FnU1QtIGCuAU8QKEQyM0T

Targets

    Score: 7/10

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
