General

  • Target

    fd927c3c6a733cab18a4f657a605682c6d043728442d0d2fe4dd1d464fb0d7ec

  • Size

    5.4MB

  • Sample

    231224-2v8gcsgfeq

  • MD5

    0947fab2dc35b66694760c51d7073ed5

  • SHA1

    3e2cd6875db025c07280166bdf038c872d9c9d03

  • SHA256

    fd927c3c6a733cab18a4f657a605682c6d043728442d0d2fe4dd1d464fb0d7ec

  • SHA512

    09b2109e3988dca99d55574e988cc5333817a7424f88aef01175492db89630f231a259a5cc9fdb1bbf43985d9969feb445f0ef76739b582b5d639f85a22b4350

  • SSDEEP

    98304:ZjwIyFNlPJuU+YTrn2RILFifv6T4WLeUcP48MppHlAnB:dyFN7uU+YfzJifm4xUoMjlmB

Targets

    • Detects Arechclient2 RAT

      Arechclient2.

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext
