General

  • Target

    906623a415b6de1164c7798d3743a5fc06ca0ccc58ca76c8b35ef0a674991608

  • Size

    3.7MB

  • Sample

    240201-fj689sbfg8

  • MD5

    eca96e3eb1fe44265acc31373a1dadb9

  • SHA1

    3221c9a9d13cc4b0ae24b7d2cc807f18feb3ea4f

  • SHA256

    906623a415b6de1164c7798d3743a5fc06ca0ccc58ca76c8b35ef0a674991608

  • SHA512

    ce2829831d5e5bc8783dc1d871957184f48504bd2aa741456dab29dbdac72b1ad1c110964232655cae67992283dadfc96f46417bacb700b1bd55ba4b6494a6a1

  • SSDEEP

    98304:lbPH543INzdx/9yiXGBwmcFBcBL+PRao/Szic:lb/5cUxllGBgFamYF

Malware Config

Targets

    • Target

      906623a415b6de1164c7798d3743a5fc06ca0ccc58ca76c8b35ef0a674991608

    • Size

      3.7MB

    • MD5

      eca96e3eb1fe44265acc31373a1dadb9

    • SHA1

      3221c9a9d13cc4b0ae24b7d2cc807f18feb3ea4f

    • SHA256

      906623a415b6de1164c7798d3743a5fc06ca0ccc58ca76c8b35ef0a674991608

    • SHA512

      ce2829831d5e5bc8783dc1d871957184f48504bd2aa741456dab29dbdac72b1ad1c110964232655cae67992283dadfc96f46417bacb700b1bd55ba4b6494a6a1

    • SSDEEP

      98304:lbPH543INzdx/9yiXGBwmcFBcBL+PRao/Szic:lb/5cUxllGBgFamYF

    • Detects Arechclient2 RAT

      Arechclient2.

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Loads dropped DLL

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks