General

  • Target

    330d79f9b1f127b3cc0339af73fe2dd4581cbd67b69b3c10111abae01c69722c

  • Size

    5.0MB

  • Sample

    231224-2bae8acgcn

  • MD5

    9aa9073f51a1a830936a7fe8482bf750

  • SHA1

    6532c3e3cea4e64f3e335377730bfbf6b0b2b3e8

  • SHA256

    330d79f9b1f127b3cc0339af73fe2dd4581cbd67b69b3c10111abae01c69722c

  • SHA512

    38966002d116ae6723bfba86a5b1fc0439d3055563f3b2f6bd4f5a38728bcff8667a816a3e3978c3fd927cfdcfc2e868b68a94313a1b6d168eea968877a00384

  • SSDEEP

    98304:mtszBrLX3mOXy1djEi1Wb9ncEd6LU1tsKJ:mCzJX3Ni/jlWi4tsKJ

Malware Config

Targets

    • Detects Arechclient2 RAT

      Arechclient2.

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks