General

  • Target

    53cbb87ebcaa51046685c3cf18d70f17.exe

  • Size

    2.2MB

  • Sample

    240111-y12zzsgdf5

  • MD5

    53cbb87ebcaa51046685c3cf18d70f17

  • SHA1

    351a2d586999aebd22f895c03365ac7020fca260

  • SHA256

    d49272abf8c1105c2808ccc5bb616e49c384e92f2e33491af1e402340a6bd0c6

  • SHA512

    587e4e5b68583474713bd7f5d631956839659e212c1cff315557cdfdfc2b5bc15052666dec3c8e99b50d9026b2c7a79ddc965839bc96db95abe045a5299b4b45

  • SSDEEP

    49152:X0V0NmpIsPw//BM8xDfsKf9G/qhFviFEtPGAsY17esnI8QvTvSDMgu52JAlHuoRc:kV0NoIsPw//BBxDVGyUEdNVnuTvSD8eN

Malware Config

Targets

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks