echelon | 9379dd7a04f70454202d5a44079b32d07d75e4e3d181df8047ed71a40b6892e4 | Triage

Sharing

General

Target

9379dd7a04f70454202d5a44079b32d07d75e4e3d181df8047ed71a40b6892e4
Size

581KB
MD5

6829e41244338f8c621d44e1e471207f
SHA1

54514e267b6f557d2b5690dd1054dbdcc2f0d4dd
SHA256

9379dd7a04f70454202d5a44079b32d07d75e4e3d181df8047ed71a40b6892e4
SHA512

83e4f091336c86bee3f88ff822f1e959d2031d2674d809c201d0f9e638f825da63cd0e11fa559b08f90a307bb53aa7fb897066cecc967ac801261b067fc6ba9c
SSDEEP

12288:vctvPYVlNWEZkVl5cnZLJLUf9snBS4csPYae6qfzaAA:4socnhhUF54clNf7aB

Score

10^/10

echelon

Malware Config

Signatures

Detects Echelon Stealer payload 1 IoCs

resource	yara_rule
sample	family_echelon

Echelon family
echelon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9379dd7a04f70454202d5a44079b32d07d75e4e3d181df8047ed71a40b6892e4

Files

9379dd7a04f70454202d5a44079b32d07d75e4e3d181df8047ed71a40b6892e4
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\mikky\OneDrive\Рабочий стол\Echelon-Stealer-master\obj\Release\Echelon.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 578KB - Virtual size: 578KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ