General
-
Target
501444c9d25c15ca62bafe062b6bb8a3b3f69f0ca13aff057e3b8b1a0595f3a4
-
Size
2.8MB
-
Sample
230805-em6lgaff49
-
MD5
f290ed868caae994bbfae1b63aca1d28
-
SHA1
5ac7b60e56281dc0c72f7c1125b165867df56ed9
-
SHA256
501444c9d25c15ca62bafe062b6bb8a3b3f69f0ca13aff057e3b8b1a0595f3a4
-
SHA512
c7e79af2f49c52c73bf95bbe92890edacbaaf0ea2648e475b312bc1b4831a5607e20bf8ce717de9b396620111cd3f1788d9aae86fd6f4dd168167af2a59d2b42
-
SSDEEP
49152:wGWR1Nr9QTV+jfVItISk9iojj2wLs47a8rHW60EANyBO83mpO+E/tfl:wGWR1NWTVw3Aka8C60FNT83m9EV9
Malware Config
Targets
-
-
Target
501444c9d25c15ca62bafe062b6bb8a3b3f69f0ca13aff057e3b8b1a0595f3a4
-
Size
2.8MB
-
MD5
f290ed868caae994bbfae1b63aca1d28
-
SHA1
5ac7b60e56281dc0c72f7c1125b165867df56ed9
-
SHA256
501444c9d25c15ca62bafe062b6bb8a3b3f69f0ca13aff057e3b8b1a0595f3a4
-
SHA512
c7e79af2f49c52c73bf95bbe92890edacbaaf0ea2648e475b312bc1b4831a5607e20bf8ce717de9b396620111cd3f1788d9aae86fd6f4dd168167af2a59d2b42
-
SSDEEP
49152:wGWR1Nr9QTV+jfVItISk9iojj2wLs47a8rHW60EANyBO83mpO+E/tfl:wGWR1NWTVw3Aka8C60FNT83m9EV9
Score10/10-
Detects Arechclient2 RAT
Arechclient2.
-
Detects DLL dropped by Raspberry Robin.
Raspberry Robin.
-
SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
-
SectopRAT payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-