General
- Target: 4219e5a081c62567d3fb9e490c2a7a3e.exe
- Size: 456KB
- Sample: 240428-ld7kqsce98
- MD5: 4219e5a081c62567d3fb9e490c2a7a3e
- SHA1: 9bca001a792bcb69b87b78e6f8e9d7e214e8655e
- SHA256: 7d7cc308f2cd107a42ea8c32e8c06d6b684417a1fa8951072a707a1838a2d3f5
- SHA512: d94d23ac7060e309fbbe87bd8762f35fdcd516f66e626adf3522bef7c011619eb176441d0f0786765e9bc041644c81fc426ea0c99f9d3f052cb4c684badd04a1
- SSDEEP: 6144:Hb1m+ZBBrVw6UuNeqsGqJJ2hUOWXzt1YyQut4Mq75gQ/l67I2XDihjZd:7c+5vdsGguOt1YyN4MyN/EQZd
Static task: static1
Behavioral task: behavioral1
- Sample: 4219e5a081c62567d3fb9e490c2a7a3e.exe
- Resource: win7-20240419-en
Malware Config
Extracted: stealc
- http://185.172.128.76
- url_path: /8681490a59ad0e34.php
Targets
- Target: 4219e5a081c62567d3fb9e490c2a7a3e.exe
- SectopRAT payload
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext