General

  • Target

    cac98fd47f3d1f7929ed1600304b4d4d3cfcb49fa323939dd39eb59342f2c2f5

  • Size

    1.3MB

  • Sample

    240825-f72npayekm

  • MD5

    14abfb51f8f57a091b87a733296c1523

  • SHA1

    947404f47050ef01f71493ccaec4f851f0c4eb30

  • SHA256

    cac98fd47f3d1f7929ed1600304b4d4d3cfcb49fa323939dd39eb59342f2c2f5

  • SHA512

    61d1149f2c911fa99bebc24a7a5b40a096fa87ddd8b7c7e44fa9acf47af066c56ff048605453458cf864b48d1b06d2440921170d1f15e819f5ffc9d47b57520d

  • SSDEEP

    24576:/qPvbuhZUTd8hhUF54clNf7+6uHAW92zt/sWu2BSMCqDoRX:obKo54clgLH+tkWJ0NJ

Malware Config

Targets

    • Target

      cac98fd47f3d1f7929ed1600304b4d4d3cfcb49fa323939dd39eb59342f2c2f5

    • Size

      1.3MB

    • MD5

      14abfb51f8f57a091b87a733296c1523

    • SHA1

      947404f47050ef01f71493ccaec4f851f0c4eb30

    • SHA256

      cac98fd47f3d1f7929ed1600304b4d4d3cfcb49fa323939dd39eb59342f2c2f5

    • SHA512

      61d1149f2c911fa99bebc24a7a5b40a096fa87ddd8b7c7e44fa9acf47af066c56ff048605453458cf864b48d1b06d2440921170d1f15e819f5ffc9d47b57520d

    • SSDEEP

      24576:/qPvbuhZUTd8hhUF54clNf7+6uHAW92zt/sWu2BSMCqDoRX:obKo54clgLH+tkWJ0NJ

    • Detects Echelon Stealer payload

    • Echelon

      Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks