General
-
Target
224e524958bb45d638403cc92f1f165ff8af5d8eff004663a542eddf25c03ddf
-
Size
5.1MB
-
Sample
231231-18jvgsfafl
-
MD5
51394a98af283b4c887a6b24f7c0c2ce
-
SHA1
96eef86677a6f6a3c94486df4abf62b2dbc1fbb0
-
SHA256
224e524958bb45d638403cc92f1f165ff8af5d8eff004663a542eddf25c03ddf
-
SHA512
1ae2a71bf0208b93cc8181acb8bf02a8b728e5449bad342b17ff5c5f7003e570ee82c2d3efe7e8720f003807d3b243bf87a0b155cc3bae64729288e943093ff7
-
SSDEEP
98304:Nm8puaHIkZOGV7sIUjcG96j/q9WQuX9EI5gqO80z0AAgHjxpaXU:HHdZOGV7jUjcG96w09tgqTe0ABlpaXU
Malware Config
Targets
-
-
Target
224e524958bb45d638403cc92f1f165ff8af5d8eff004663a542eddf25c03ddf
-
Size
5.1MB
-
MD5
51394a98af283b4c887a6b24f7c0c2ce
-
SHA1
96eef86677a6f6a3c94486df4abf62b2dbc1fbb0
-
SHA256
224e524958bb45d638403cc92f1f165ff8af5d8eff004663a542eddf25c03ddf
-
SHA512
1ae2a71bf0208b93cc8181acb8bf02a8b728e5449bad342b17ff5c5f7003e570ee82c2d3efe7e8720f003807d3b243bf87a0b155cc3bae64729288e943093ff7
-
SSDEEP
98304:Nm8puaHIkZOGV7sIUjcG96j/q9WQuX9EI5gqO80z0AAgHjxpaXU:HHdZOGV7jUjcG96w09tgqTe0ABlpaXU
Score10/10-
Detects Arechclient2 RAT
Arechclient2.
-
SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
-
SectopRAT payload
-
Drops startup file
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-