General
- Target: f6ed1f34f629ab51dba4c63dc57c1a91
- Size: 6.8MB
- Sample: 230321-gg7bxsah9v
- MD5: f6ed1f34f629ab51dba4c63dc57c1a91
- SHA1: b62bbeef12de9a18ecf785153b9b429bca733aba
- SHA256: 104645c74843e385754502a80a935156b585c6969fba1be83efe9b554a746560
- SHA512: 853b9c762d5ce15948b2a23e26f581b02ac16749157669fd8ec702e7cdab25aded95ece117b2ed971cedee9d4df724340ad946e8cb8e775bd749e7de61fb468d
- SSDEEP: 196608:7DANPFmCV+OoxomMRb4MGK3oI8XY2OqjoRK:70HPE+7GK3oVhOI
Static task
- static1
Behavioral task
- behavioral1
- Sample: f6ed1f34f629ab51dba4c63dc57c1a91.exe
- Resource: win7-20230220-en
Malware Config
Targets
- Target: f6ed1f34f629ab51dba4c63dc57c1a91
- Size: 6.8MB
- MD5: f6ed1f34f629ab51dba4c63dc57c1a91
- SHA1: b62bbeef12de9a18ecf785153b9b429bca733aba
- SHA256: 104645c74843e385754502a80a935156b585c6969fba1be83efe9b554a746560
- SHA512: 853b9c762d5ce15948b2a23e26f581b02ac16749157669fd8ec702e7cdab25aded95ece117b2ed971cedee9d4df724340ad946e8cb8e775bd749e7de61fb468d
- SSDEEP: 196608:7DANPFmCV+OoxomMRb4MGK3oI8XY2OqjoRK:70HPE+7GK3oVhOI
- SectopRAT payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Deletes itself
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext