echelon | 691082747fd405bbb70157b4f369416ff9b8f1f43f83237676d10247c368f1c9 | Triage

Sharing

General

Target

691082747fd405bbb70157b4f369416ff9b8f1f43f83237676d10247c368f1c9
Size

592KB
MD5

35af3f3e6f5a4bec5d919ab29f8cbafa
SHA1

9f84d6e133741bdaa8446ae4ce5afdea34703bff
SHA256

691082747fd405bbb70157b4f369416ff9b8f1f43f83237676d10247c368f1c9
SHA512

e078866d3b4bfc489ced1e328dc2fc074db4d8b401e878350331b37bee436ae4ae4acabdd2a5682792f5df3f7ca7322c335e99a78208443ad76ae2a7eecbfbd3
SSDEEP

12288:ga2QVmTNZLJLUf9snBS4csPYae6qfzDDAA:zmTNhhUF54clNf7DDB

Score

10^/10

echelon

Malware Config

Signatures

Detects Echelon Stealer payload 1 IoCs

resource	yara_rule
sample	family_echelon

Echelon family
echelon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
691082747fd405bbb70157b4f369416ff9b8f1f43f83237676d10247c368f1c9

Files

691082747fd405bbb70157b4f369416ff9b8f1f43f83237676d10247c368f1c9
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Den\Desktop\Echelon-Stealer-master\obj\Debug\Echelon.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 589KB - Virtual size: 589KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ