Overview

overview

10

Static

static

7

1bdd9743ef...e6.exe

windows7-x64

10

1bdd9743ef...e6.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1bdd9743ef074f26b32791236dcfaae6

  • Size

    2.4MB

  • Sample

    231225-nxy4tafacq

  • MD5

    1bdd9743ef074f26b32791236dcfaae6

  • SHA1

    e66c8bc439e9d47df0498a395ddb038912697346

  • SHA256

    b4548930086fa2b97d01f62f7ccfe582637ad53fd3e83ba409d00c2272d4403f

  • SHA512

    d61115642769aafc23e76869ea6096aae3dc08ce15570978b36e03ac639755657d3921e560ffc7e0706a7cb7a2ebc6a430ce0a95d6e27517102c49c7e21c80b9

  • SSDEEP

    49152:cCu9WOT0EW1foBA8gQNj/x5b/zFn6GKwLvj4oEMoR:cCuE1ECfK33/x5DFHKA49

Score
10/10
sectopratevasionratthemidatrojan

Malware Config

Targets

    • Target

      1bdd9743ef074f26b32791236dcfaae6

    • Size

      2.4MB

    • MD5

      1bdd9743ef074f26b32791236dcfaae6

    • SHA1

      e66c8bc439e9d47df0498a395ddb038912697346

    • SHA256

      b4548930086fa2b97d01f62f7ccfe582637ad53fd3e83ba409d00c2272d4403f

    • SHA512

      d61115642769aafc23e76869ea6096aae3dc08ce15570978b36e03ac639755657d3921e560ffc7e0706a7cb7a2ebc6a430ce0a95d6e27517102c49c7e21c80b9

    • SSDEEP

      49152:cCu9WOT0EW1foBA8gQNj/x5b/zFn6GKwLvj4oEMoR:cCuE1ECfK33/x5DFHKA49

    Score
    10/10
    sectopratevasionratthemidatrojan

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

      trojanratsectoprat

    • SectopRAT payload

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks