echelon | f434179beb8eb2897362648c6ba97c99b7747cdad56da4336135deef4c56c04b | Triage

Sharing

General

Target

f434179beb8eb2897362648c6ba97c99b7747cdad56da4336135deef4c56c04b
Size

581KB
MD5

3360120055173db774e063dcea258471
SHA1

2b5c28b8775dad0fcbf8b96998ad2f44970f71e6
SHA256

f434179beb8eb2897362648c6ba97c99b7747cdad56da4336135deef4c56c04b
SHA512

a8f8cd83783cfb9017b30c291bac9a96b2e41f107738459928d15e7337632a946881ab1095115eb4f47db56a74026cd05cc8efba593504d333605d9cb7fe36d9
SSDEEP

12288:OWZ/TM1Y8AyNCzJciFZLJLUf9snBS4csPYae6qfzRAA:B8LiFhhUF54clNf7RB

Score

10^/10

echelon

Malware Config

Signatures

Detects Echelon Stealer payload 1 IoCs

resource	yara_rule
sample	family_echelon

Echelon family
echelon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f434179beb8eb2897362648c6ba97c99b7747cdad56da4336135deef4c56c04b

Files

f434179beb8eb2897362648c6ba97c99b7747cdad56da4336135deef4c56c04b
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\yusuf\OneDrive\Desktop\Echelon-Stealer-master\obj\Release\Echelon.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 578KB - Virtual size: 578KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ