General

  • Target

    58b61b01f847a6699c6fc76d5d422441

  • Size

    5.6MB

  • Sample

    240113-mpqxsshdd6

  • MD5

    58b61b01f847a6699c6fc76d5d422441

  • SHA1

    05e2902da549bcdcd482b6c1386989a940f78a98

  • SHA256

    04c0bea905c97c8a483cc2733d6ceb96fa1b1733b35001492ad33247f5abb173

  • SHA512

    e7f8ae918e7bb027fb269e1b0dd22ec532d1de3c84d64abd771c5a110e0b7c30488ab9303953e054f72c5837af7cd6b635e14b5f91cd1f0a52304f28d717155d

  • SSDEEP

    98304:ORSObst7OWQkAhLMZZgwwpEonHb3I37GbJx9XYGrzFsZf+KDX1AHciZF16AzghYX:Otgtb9AVvfTn7G6JH/Ou11o6

Malware Config

Targets

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks