General

  • Target

    95d6d6f5a0983971c8a5a9104f2b34729e8e764febb8e520c0576de86f17c6c8

  • Size

    5.1MB

  • Sample

    231224-2k8dlsgbc9

  • MD5

    6fea5fced6907510c8cf57e8f0c5756c

  • SHA1

    794080c6a2dc58d14cc7e64cd9f967c08a07b41d

  • SHA256

    95d6d6f5a0983971c8a5a9104f2b34729e8e764febb8e520c0576de86f17c6c8

  • SHA512

    fe2fa3b6ffe62c3ff605725467533dbc8d836f7f3de8e8c12e97b0948d8eba67b873d078d8238905f151106d8560a279cda981bb6b1d11baa6f4607590ab3210

  • SSDEEP

    98304:zJgjK5c+d60x3Cd28xQ027Rr6LMCh6D2LW4p+B3mk4zAKrO6G65VT/xs:qO/Fy08xQ17Bs6QjQ30rHjw

Targets

    • Detects Arechclient2 RAT

      Arechclient2.

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and similar profile data.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext
