General
-
Target
17193e86f62e20aa597407bec30d4fd3
-
Size
4.1MB
-
Sample
231230-njyacsgegk
-
MD5
17193e86f62e20aa597407bec30d4fd3
-
SHA1
75f85441c0b74c886b4b62381ec79b76b504fb54
-
SHA256
2a3551360d6eb7de27ba62c6a90f42440ab6d3d451149505c84842fced280429
-
SHA512
de15743cf8ef62438121641ed0b746b93eba339705b60473e253d4b3ff21835175c2d9226eca1e135b8e2dc27a3a87930e18221dd22d26c5b4c214cc9d47e4e6
-
SSDEEP
49152:Y1DWi0yNmET0fqOrCsPbqRGFOKrCgDBHVVCP2JfwDJfv0N2q6nlI0MTUdvAjPX3e:Y1DVTK8oFd9H/1Qib6nl4IaN1+Hlx
Malware Config
Targets
-
-
Target
17193e86f62e20aa597407bec30d4fd3
-
Size
4.1MB
-
MD5
17193e86f62e20aa597407bec30d4fd3
-
SHA1
75f85441c0b74c886b4b62381ec79b76b504fb54
-
SHA256
2a3551360d6eb7de27ba62c6a90f42440ab6d3d451149505c84842fced280429
-
SHA512
de15743cf8ef62438121641ed0b746b93eba339705b60473e253d4b3ff21835175c2d9226eca1e135b8e2dc27a3a87930e18221dd22d26c5b4c214cc9d47e4e6
-
SSDEEP
49152:Y1DWi0yNmET0fqOrCsPbqRGFOKrCgDBHVVCP2JfwDJfv0N2q6nlI0MTUdvAjPX3e:Y1DVTK8oFd9H/1Qib6nl4IaN1+Hlx
Score10/10-
SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
-
SectopRAT payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-