General

  • Target

    18c8f4022544bf2251e8b95555fa4a3e

  • Size

    6.1MB

  • Sample

    231225-mz2r2safd6

  • MD5

    18c8f4022544bf2251e8b95555fa4a3e

  • SHA1

    8348c4b785c767887b2ce18dc9b1c62141cb6396

  • SHA256

    72bda43e879bb6258c83bf71b99a1c6b088b7fa6b147c473ebc5005383e5a3d6

  • SHA512

    adc22cdab7ea8e35ab54ba494d669aea105aa1ad49d47fad3fb07ce8daee567d44da6745c40c28ad631e669e485bd78cbc63db90fd7c397d52120b1d376b9378

  • SSDEEP

    98304:3D2M2pgaPhhWSgYiAZFvMO5evocJ6SQFiv6ci/f69Cr4MnbI6LyHgZVKck0zAjDC:z2Fph/Wj5w5eVGFiDgZLEgnKcRAvdcd

Malware Config

Targets

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks