General

  • Target

    5840b28d0e6e88d0bd44803d74faf62b

  • Size

    2.6MB

  • Sample

    240113-hj2d5aedh9

  • MD5

    5840b28d0e6e88d0bd44803d74faf62b

  • SHA1

    24f30bb0de4b05b29db76a234b5b7a2d9331fc50

  • SHA256

    94f4e88d6d4dd425968bd6a683d3b5722eb3bd52e9d89be85771c5490930871d

  • SHA512

    f66c5e831f0c78ef27a8948248cd49007ac86273351f00809090a3481399ed89ffef81576ce8c3990a1b2830396812dfa9c4690984eb63a3c34f076de68ac3ee

  • SSDEEP

    49152:2CErthheABivIh1aY/7mECJCX1m13Uif0OBWXQ8TcdVoY4JExZ1noktkdWemIO4:2CmVzXhz/7mECJCX1ab/IA8uVP42LokY

Malware Config

Targets

    • Target

      5840b28d0e6e88d0bd44803d74faf62b

    • Size

      2.6MB

    • MD5

      5840b28d0e6e88d0bd44803d74faf62b

    • SHA1

      24f30bb0de4b05b29db76a234b5b7a2d9331fc50

    • SHA256

      94f4e88d6d4dd425968bd6a683d3b5722eb3bd52e9d89be85771c5490930871d

    • SHA512

      f66c5e831f0c78ef27a8948248cd49007ac86273351f00809090a3481399ed89ffef81576ce8c3990a1b2830396812dfa9c4690984eb63a3c34f076de68ac3ee

    • SSDEEP

      49152:2CErthheABivIh1aY/7mECJCX1m13Uif0OBWXQ8TcdVoY4JExZ1noktkdWemIO4:2CmVzXhz/7mECJCX1ab/IA8uVP42LokY

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect virtualized or sandboxed environments (vendor and product strings reveal the hypervisor).

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger
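The three registry-based signatures above (VirtualBox ACPI values, BIOS information, UAC state) describe reads that any analyst can reproduce on their own analysis VM to see what the sample would see. The script below is an added example written for this page, not code from the sandbox or from the sample: it walks the standard Windows locations for ACPI table OEM IDs, SMBIOS strings and the EnableLUA policy value, and reports which VirtualBox artifacts are exposed. The indicator strings it matches (VBOX__, VirtualBox, innotek, Oracle) are well-known VirtualBox defaults, not values recovered from this sample.

```powershell
# Added example, not part of the sandbox report or of the analysed sample.
# Reproduces the registry reads behind three signatures on the report:
#   - Identifies VirtualBox via ACPI registry values
#   - Checks BIOS information in registry
#   - Checks whether UAC is enabled
# Run on the analysis VM (as any user; these keys are world-readable) to see
# which VirtualBox artifacts a sample could observe there.

$findings = [System.Collections.Generic.List[string]]::new()

# 1. ACPI tables. VirtualBox stamps its OEM ID "VBOX__" into the subkey names
#    under HKLM\HARDWARE\ACPI\{DSDT,FADT,RSDT}; real hardware shows the board vendor.
foreach ($table in 'DSDT', 'FADT', 'RSDT') {
    $path = "HKLM:\HARDWARE\ACPI\$table"
    if (Test-Path -Path $path -ErrorAction SilentlyContinue) {
        Get-ChildItem -Path $path -ErrorAction SilentlyContinue |
            Where-Object { $_.PSChildName -match 'VBOX' } |
            ForEach-Object { $findings.Add("ACPI $table OEM ID: $($_.PSChildName)") }
    }
}

# 2. BIOS / SMBIOS strings that the kernel publishes under HARDWARE\DESCRIPTION\System.
#    SystemBiosVersion and VideoBiosVersion are REG_MULTI_SZ, hence the -join.
$sys  = Get-ItemProperty -Path 'HKLM:\HARDWARE\DESCRIPTION\System'      -ErrorAction SilentlyContinue
$bios = Get-ItemProperty -Path 'HKLM:\HARDWARE\DESCRIPTION\System\BIOS' -ErrorAction SilentlyContinue
$biosValues = [ordered]@{
    'System\SystemBiosVersion' = ($sys.SystemBiosVersion -join ' ')
    'System\VideoBiosVersion'  = ($sys.VideoBiosVersion  -join ' ')
    'BIOS\SystemManufacturer'  = $bios.SystemManufacturer
    'BIOS\SystemProductName'   = $bios.SystemProductName
    'BIOS\BIOSVendor'          = $bios.BIOSVendor
}
foreach ($entry in $biosValues.GetEnumerator()) {
    if ($entry.Value -match 'VBOX|VirtualBox|innotek|Oracle') {
        $findings.Add("BIOS $($entry.Key) = '$($entry.Value)'")
    }
}

# 3. UAC state. EnableLUA = 0 means UAC is switched off, which changes whether a
#    payload needs an elevation bypass at all.
$uac = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' `
                        -Name EnableLUA -ErrorAction SilentlyContinue
$uacState = if ($null -eq $uac) { 'unknown' }
            elseif ($uac.EnableLUA -eq 1) { 'enabled' }
            else { 'disabled' }

# Report what the sample would have learned from these reads.
"UAC: $uacState"
if ($findings.Count -eq 0) {
    'No VirtualBox indicators found in the ACPI/BIOS registry keys.'
} else {
    'VirtualBox indicators readable from the registry on this host:'
    $findings | ForEach-Object { "  - $_" }
}
```

If the script lists any indicators, the VM will be fingerprinted by the same reads the sample performs; those strings are set by the hypervisor (DMI/SMBIOS and ACPI OEM fields), so they must be changed at the VirtualBox configuration level rather than by editing the registry, which the kernel regenerates at boot. The remaining signature, NtSetInformationThreadHideFromDebugger, is not registry-based: a thread flagged this way (ThreadInformationClass 0x11, ThreadHideFromDebugger) stops delivering debug events to an attached debugger, so when debugging the unpacked payload, break on NtSetInformationThread before the call and neutralise the class argument.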

MITRE ATT&CK Enterprise v15

Tasks