General
-
Target
230332ce89437c1a16c4c6829a715a31ed16186bc8845374512a822a16287344
-
Size
4.5MB
-
Sample
231224-19vy5scddl
-
MD5
675b800b6c686fb7191bbb05d7bcb41e
-
SHA1
c9fe16641e847ea9eff621eb05981c068a47746c
-
SHA256
230332ce89437c1a16c4c6829a715a31ed16186bc8845374512a822a16287344
-
SHA512
0ba6b6e629d3fd7377323df3400cdc16b0b38d7946c7db27899e1b06f70acab8e3272b1e03f489ac7227d1de05b0401e927c44629937504080f7ed57bd1578b2
-
SSDEEP
98304:0gvxH405bdteNd8g5Px4G5CHky03T4PMefjvkmsdVfVOFTc4y:0gvd4abdtenNBCHkp3T4Uu4l3wQ
Static task
static1
Behavioral task
behavioral1
Sample
230332ce89437c1a16c4c6829a715a31ed16186bc8845374512a822a16287344.exe
Resource
win7-20231215-en
Malware Config
Targets
-
-
Target
230332ce89437c1a16c4c6829a715a31ed16186bc8845374512a822a16287344
-
Size
4.5MB
-
MD5
675b800b6c686fb7191bbb05d7bcb41e
-
SHA1
c9fe16641e847ea9eff621eb05981c068a47746c
-
SHA256
230332ce89437c1a16c4c6829a715a31ed16186bc8845374512a822a16287344
-
SHA512
0ba6b6e629d3fd7377323df3400cdc16b0b38d7946c7db27899e1b06f70acab8e3272b1e03f489ac7227d1de05b0401e927c44629937504080f7ed57bd1578b2
-
SSDEEP
98304:0gvxH405bdteNd8g5Px4G5CHky03T4PMefjvkmsdVfVOFTc4y:0gvd4abdtenNBCHkp3T4Uu4l3wQ
-
Detects Arechclient2 RAT
Arechclient2.
-
SectopRAT payload
-
Drops startup file
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-