General
-
Target
8be13fe1e2423e025aa2689e6c9515f52b90d4e42a3b43e494c3811a1a11f365
-
Size
581KB
-
Sample
250116-bdq8mstjgt
-
MD5
633623d5934a3eca511a9c20d6f28bd7
-
SHA1
bab4b31329c1e9862579e45a6266faa6a0f8a17d
-
SHA256
8be13fe1e2423e025aa2689e6c9515f52b90d4e42a3b43e494c3811a1a11f365
-
SHA512
ee2519f73b09a2c541cc9763a8c2f6cdb1c8d6aab89c876465a6d81f069b066d20f1825d4d5ca57a5a1ce6a2a7a39be5f05a7e58b5905ab901dc13c5c0225e5c
-
SSDEEP
12288:KAlxP4NiGiABi5Nl4vZLJLUf9snBS4csPYae6qfzkAA:R0Q4vhhUF54clNf7kB
Behavioral task
behavioral1
Sample
8be13fe1e2423e025aa2689e6c9515f52b90d4e42a3b43e494c3811a1a11f365.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
8be13fe1e2423e025aa2689e6c9515f52b90d4e42a3b43e494c3811a1a11f365.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
Target
8be13fe1e2423e025aa2689e6c9515f52b90d4e42a3b43e494c3811a1a11f365
Score
10/10
-
Detects Echelon Stealer payload
-
Echelon family
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-