General

  • Target

    1f8dec69b76f70a555ed82874354b58e662a6fc382b45784e2cae8ae2978398c

  • Size

    3.9MB

  • Sample

    240201-fe1kxsdebr

  • MD5

    6981e1fe652aea8534bc86365b2c1eea

  • SHA1

    4df342b95bff205f57bcf1b1740f26eaee1eac75

  • SHA256

    1f8dec69b76f70a555ed82874354b58e662a6fc382b45784e2cae8ae2978398c

  • SHA512

    b72a326df5848b4b95bc8bb9ca3970fb06de4bc1217f25e3c6d70e05c9d81cbba23298599b665f7c927498fba17cc57ecca99d71e354279f006c69fbd297be13

  • SSDEEP

    98304:mkvX9nnZHBwv59qYyHGqG1A6yPLD2LpvmB2jHNlRN+yFPEJbq:mkvX9nZHBwv59qOKD2dOcjHNlRau

Malware Config

Targets

    • Detects Arechclient2 RAT

      Arechclient2.

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Loads dropped DLL

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks