Resubmissions

  Submitted           Analysis ID          Score
  23-02-2023 14:03    230223-rcnzwsga69    10/10
  20-01-2023 12:25    230120-plqhzaff6y    10/10
  16-01-2023 12:00    230116-n6kyjsad9v    10/10
  15-01-2023 04:12    230115-esqr7sdg4v    10/10
  15-01-2023 04:01    230115-elc8jahg27     8/10
  15-01-2023 03:56    230115-ehjk5shf75     8/10
  15-01-2023 01:02    230115-bebjksbg8w    10/10
  15-01-2023 00:38    230115-azcfyafg72     8/10

General

  The hashes in this section are for the submitted archive (the .zip); the hashes of the extracted sample are listed under Targets below.

  • Target: 88b426437c97301982bf096306af1bde70caa0a9a99a60514b31d0fa0ea64afd.zip
  • Size: 1.6MB
  • Sample: 230223-rcnzwsga69
  • MD5: f3816710cae8dc1dc854336398602b72
  • SHA1: b63184301e8b5ea5875a74b954f9e2c21bdae419
  • SHA256: 271d8bf13f96188684e0f68446f16084ec6d8c231837c45e3ec3ebb73062574d
  • SHA512: 42feda2df53ba91f4ab1e4797c4b5e2dd73cc522aa9f39c75c8bb432fbf362586c8f15a40c31a52ba3053ec9b489349e22dde0e17987aa65c56bb6247ac49e2a
  • SSDEEP: 24576:Sf4FGfLNsFBNT8zv3k2bQvVGOcUTJR9RDQISvMAd9lMFLMXZaff3YlZmf2oeh03G:SAoMqzv3k2svVGOcCqjiLiYXY8Ow3G

Score
10/10

Malware Config

Targets

    • Target: 88b426437c97301982bf096306af1bde70caa0a9a99a60514b31d0fa0ea64afd
    • Size: 1.6MB
    • MD5: 9f7aaf3a9a3f325dd533ecc38d85a351
    • SHA1: 1ebdc55b96e11d9b924fbba8c5fa1799ff247970
    • SHA256: 88b426437c97301982bf096306af1bde70caa0a9a99a60514b31d0fa0ea64afd
    • SHA512: 0afdcb5362be67938d00baaeb3974af3ad2b7342c8024ec2390ce87bad4c6252e4c8277a0bb36979cdcb4036aa9f7dc93ac23f78acdd04033c3086fa3fd7286f
    • SSDEEP: 24576:yWmAFubS9dt9Mcp5CPu4YV5GaCxYiluVuTY4PRVGEw6GPDp5MwNrsJjF2GKGI8L:q29dRpYW4YV5QxYiET8ahPDMwNrs2y

    Score: 10/10

    Signatures
    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer, including modified UPX builds that rename sections or strip the packer's marker.

    • Drops desktop.ini file(s)

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext
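
The "UPX packed file" signature above is a static check a triager can reproduce before detonation. The following is an added example, not code from the sandbox or its signature set: it parses the PE section table by hand and reports the three indicators such a check relies on (stock UPX0/UPX1 section names, the "UPX!" pack-header marker, and the layout that survives a modified UPX: a first section with a non-zero VirtualSize but zero SizeOfRawData). The build_fake_pe() helper fabricates a minimal PE header so the example runs offline; its output is constructed test input, not the sample from this report.

```python
"""Static UPX-packing indicators for a PE file (added example, no pefile dependency)."""
import struct

UPX_MARKER = b"UPX!"          # written into the pack header by stock UPX
DOS_HEADER_SIZE = 0x40
COFF_HEADER_SIZE = 20
SECTION_HEADER_SIZE = 40


def pe_sections(data: bytes) -> list[dict]:
    """Walk MZ -> e_lfanew -> PE -> COFF -> section table; return name/VirtualSize/SizeOfRawData per section."""
    if len(data) < DOS_HEADER_SIZE or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_of_optional = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + COFF_HEADER_SIZE + size_of_optional
    sections = []
    for i in range(num_sections):
        off = table + i * SECTION_HEADER_SIZE
        hdr = data[off:off + SECTION_HEADER_SIZE]
        if len(hdr) < SECTION_HEADER_SIZE:
            raise ValueError("truncated section table")
        name, vsize, _vaddr, rsize = struct.unpack_from("<8sIII", hdr, 0)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize,
            "raw_size": rsize,
        })
    return sections


def upx_indicators(data: bytes) -> dict:
    """Three independent signals; a modified UPX usually defeats the first two but not the third."""
    sections = pe_sections(data)
    names = [s["name"] for s in sections]
    return {
        "upx_section_names": any(n.startswith("UPX") for n in names),
        "upx_marker": UPX_MARKER in data,
        # UPX0 is the unpacking destination: present in memory, empty on disk.
        "empty_first_section": bool(sections)
        and sections[0]["virtual_size"] > 0
        and sections[0]["raw_size"] == 0,
    }


def is_upx_packed(data: bytes) -> bool:
    """Heuristic verdict; the layout indicator alone is the weakest and deserves corroboration."""
    ind = upx_indicators(data)
    return ind["upx_section_names"] or ind["upx_marker"] or ind["empty_first_section"]


def build_fake_pe(sections: list[tuple[str, int, int]], marker: bool = False) -> bytes:
    """Constructed test input: a minimal PE32 header with (name, VirtualSize, SizeOfRawData) sections."""
    dos = bytearray(DOS_HEADER_SIZE)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, DOS_HEADER_SIZE)      # e_lfanew: PE header follows the DOS header
    optional = bytearray(0xE0)                              # zero-filled PE32 optional header
    struct.pack_into("<H", optional, 0, 0x10B)              # Magic = PE32
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(optional), 0x0102)
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode("ascii"), vsize, 0x1000 * (i + 1),
                    rsize, 0, 0, 0, 0, 0, 0x60000020)
        for i, (name, vsize, rsize) in enumerate(sections)
    )
    return bytes(dos) + b"PE\0\0" + coff + bytes(optional) + table + (UPX_MARKER if marker else b"")


if __name__ == "__main__":
    stock = build_fake_pe([("UPX0", 0x20000, 0), ("UPX1", 0x8000, 0x8000), (".rsrc", 0x1000, 0x1000)], marker=True)
    renamed = build_fake_pe([(".text", 0x20000, 0), (".data", 0x8000, 0x8000)])
    plain = build_fake_pe([(".text", 0x1000, 0x1000), (".data", 0x200, 0x200)])
    for label, blob in (("stock UPX", stock), ("renamed UPX", renamed), ("unpacked", plain)):
        print(f"{label:12s} {upx_indicators(blob)} -> packed={is_upx_packed(blob)}")
```

On a real sample, read the extracted file's bytes (not the .zip wrapper) and pass them to upx_indicators(); a hit on section names or the marker is enough to try a stock unpack, while a hit on the layout alone is the case the report calls "modified UPX" and usually needs a manual unpack from a memory dump.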

MITRE ATT&CK Enterprise v6

Tasks