General
-
Target
6ad791a223ab8bb728d8d27d371ae1f97ca419948af4bd660d4f84b1d34dc1a0.zip
-
Size
736KB
-
Sample
230321-rvmvjsah85
-
MD5
62ed019d78f124745202e5af9fe892dc
-
SHA1
f44504521b24620828b912e68745eb2772e3aa29
-
SHA256
59b7de2bc1f7034bccc74460898d0039e6d9edd567083f7176ce88cb909c994b
-
SHA512
efc6499e498af64850c565e2610389fe4cff874f40a4b56721a7199054e814e4a20dfb8c1986866bd94d36f9151b572765a5adc7fca83663e0d558ff527caaa9
-
SSDEEP
12288:Vd8AgmllOacNI6ra6G9TBqYbN5H4usVKXx5R6yRi1yqW/gp70DGU+MlTxqSJgzro:Vd8hmlsZDmf91dHLsVq561t870s
Malware Config
Targets
-
-
Target
6ad791a223ab8bb728d8d27d371ae1f97ca419948af4bd660d4f84b1d34dc1a0.exe
-
Size
1.9MB
-
MD5
f473ff1ba37b4f1ecbf113e0a03979cf
-
SHA1
9600f413fa59744941bdf3635c86faa9de7689c0
-
SHA256
6ad791a223ab8bb728d8d27d371ae1f97ca419948af4bd660d4f84b1d34dc1a0
-
SHA512
7541ea9a6a1b5a47d587364246f4c54fa5365e73233acc7aa6ef351cba1796dd5a610e1dab890f07a182e98d763005e12e3d91ec1b5fefcef3d506805808c511
-
SSDEEP
12288:LQqdWF4mPTWRETEK8zukxzWBvEqQnUbz7nqIVvu+KWzbCU9aMpIhO4RlWUNNGqR+:LdQDFV3V+SdSO4m
Score10/10-
SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
-
SectopRAT payload
-
UAC bypass
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-