General

  • Target

    36c12e81a9ff9968508791adcf873aebdeec6686ffd07e0660caa2c9aa8d3e5b

  • Size

    4.6MB

  • Sample

    240114-18p2haecb5

  • MD5

    0f2158c7cf501a6737f9af1532b34587

  • SHA1

    cc75bc40382ec3de6e6435be39576d4065a69b23

  • SHA256

    36c12e81a9ff9968508791adcf873aebdeec6686ffd07e0660caa2c9aa8d3e5b

  • SHA512

    9c7c0a7651cd9fc60f09155007a49514c46daee4c438bf34452671a18ce1235b537d2709b5688bab63ab2297a5bdbf108354dea38853315c64cf716c463ee4ab

  • SSDEEP

    98304:lz0+YRKLtMpuE1JRtzeT6LWm73D2wksKepNS:lzLYQLUuEJRtzeT6r764

Score
10/10

Targets

    • Target

      36c12e81a9ff9968508791adcf873aebdeec6686ffd07e0660caa2c9aa8d3e5b

    • Detects Arechclient2 RAT

      Arechclient2.

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Drops startup file

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
