General

  • Target

    230332ce89437c1a16c4c6829a715a31ed16186bc8845374512a822a16287344

  • Size

    4.5MB

  • Sample

    231224-19vy5scddl

  • MD5

    675b800b6c686fb7191bbb05d7bcb41e

  • SHA1

    c9fe16641e847ea9eff621eb05981c068a47746c

  • SHA256

    230332ce89437c1a16c4c6829a715a31ed16186bc8845374512a822a16287344

  • SHA512

    0ba6b6e629d3fd7377323df3400cdc16b0b38d7946c7db27899e1b06f70acab8e3272b1e03f489ac7227d1de05b0401e927c44629937504080f7ed57bd1578b2

  • SSDEEP

    98304:0gvxH405bdteNd8g5Px4G5CHky03T4PMefjvkmsdVfVOFTc4y:0gvd4abdtenNBCHkp3T4Uu4l3wQ

Malware Config

Targets

    • Target

      230332ce89437c1a16c4c6829a715a31ed16186bc8845374512a822a16287344

    • Detects Arechclient2 RAT

      Arechclient2.

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks