General
Target: 9f10349504fae0960f2cf133ccf21252.exe
Size: 456KB
Sample: 240428-gtqvpshh41
MD5: 9f10349504fae0960f2cf133ccf21252
SHA1: 73a89cb697803cc046362bc68027e184e83b4e45
SHA256: 850b16ddca4fb0ec70a60e534bc3c75aac0f0b6d2af52674d09ec7bd75dd6938
SHA512: aab1c7f04f58f06abe7a1a433d8f209871457b893f2f894532e4cf4c543faab53ce8a5f0918cafe1d8b9ea485c556a55c45805a88114cd031ee5e6d085745711
SSDEEP: 12288:SMAzoV3Y9YLR4W/Rt7yL794skEZUXwE8:IoV3Y9YLRN/XQUOUXwE8
Static task: static1
Behavioral task: behavioral1
Sample: 9f10349504fae0960f2cf133ccf21252.exe
Resource: win7-20240221-en
Malware Config
Extracted: stealc
http://185.172.128.76
url_path: /8681490a59ad0e34.php
Targets
Target: 9f10349504fae0960f2cf133ccf21252.exe
Size: 456KB
MD5: 9f10349504fae0960f2cf133ccf21252
SHA1: 73a89cb697803cc046362bc68027e184e83b4e45
SHA256: 850b16ddca4fb0ec70a60e534bc3c75aac0f0b6d2af52674d09ec7bd75dd6938
SHA512: aab1c7f04f58f06abe7a1a433d8f209871457b893f2f894532e4cf4c543faab53ce8a5f0918cafe1d8b9ea485c556a55c45805a88114cd031ee5e6d085745711
SSDEEP: 12288:SMAzoV3Y9YLR4W/Rt7yL794skEZUXwE8:IoV3Y9YLRN/XQUOUXwE8
- SectopRAT payload
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext