General

  • Target

    8931484a695b8055ecfd531ca1ca50142c511a1f40f363b04d5834ca79edbd3d

  • Size

    581KB

  • Sample

    240628-cd65jaxgmq

  • MD5

    c37b269ea7a17ff2991ab3047e1ab5ae

  • SHA1

    ee54cbb01b1370122983ad181659ead7bc134c7a

  • SHA256

    8931484a695b8055ecfd531ca1ca50142c511a1f40f363b04d5834ca79edbd3d

  • SHA512

    c23c70d2d477ac5cdfda9068c91b4a6c9ad382aca7610c54cbdcf80bc86b602cdb2a330fe93d59dee3df43e71dffc19ae65f9dade8804616d3b592ba59b915ff

  • SSDEEP

    12288:YctvPYVlNWEZkVlVrKZLJLUf9snBS4csPYae6qfzPAA:hsErKhhUF54clNf7PB

Malware Config

Targets

    • Target

      8931484a695b8055ecfd531ca1ca50142c511a1f40f363b04d5834ca79edbd3d

    • Size

      581KB

    • MD5

      c37b269ea7a17ff2991ab3047e1ab5ae

    • SHA1

      ee54cbb01b1370122983ad181659ead7bc134c7a

    • SHA256

      8931484a695b8055ecfd531ca1ca50142c511a1f40f363b04d5834ca79edbd3d

    • SHA512

      c23c70d2d477ac5cdfda9068c91b4a6c9ad382aca7610c54cbdcf80bc86b602cdb2a330fe93d59dee3df43e71dffc19ae65f9dade8804616d3b592ba59b915ff

    • SSDEEP

      12288:YctvPYVlNWEZkVlVrKZLJLUf9snBS4csPYae6qfzPAA:hsErKhhUF54clNf7PB

    • Detects Echelon Stealer payload

    • Echelon

      Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks