Overview

overview

10

Static

static

7

d40fab4443...a1.exe

windows7-x64

10

d40fab4443...a1.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    d40fab4443e90a4f2fa843583c3f89a1

  • Size

    4.3MB

  • Sample

    240318-vp6l9adg84

  • MD5

    d40fab4443e90a4f2fa843583c3f89a1

  • SHA1

    f504eaf7a3139a12a58ecaee011ae6f486ec6297

  • SHA256

    ba2eb409f65dfd657cf72d02e0e385a4c7417598246ef7b8b8f3febce971cea9

  • SHA512

    5d6f36dc4115cc4b43feba51e93f660d7a26cddd00f725bc9342fd3bc3fc0547e981d8348e830809e63f03688fdd655195fdcbaaabb7d2e357458321f9785377

  • SSDEEP

    98304:XkhaGOiWEkYVcijHazK7Wv63x3ahmSxRYzFTu000eg:UhaGOPErrjH+KqI/SUzlb00e

Score
10/10
sectopratevasionratthemidatrojan

Malware Config

Targets

    • Target

      d40fab4443e90a4f2fa843583c3f89a1

    • Size

      4.3MB

    • MD5

      d40fab4443e90a4f2fa843583c3f89a1

    • SHA1

      f504eaf7a3139a12a58ecaee011ae6f486ec6297

    • SHA256

      ba2eb409f65dfd657cf72d02e0e385a4c7417598246ef7b8b8f3febce971cea9

    • SHA512

      5d6f36dc4115cc4b43feba51e93f660d7a26cddd00f725bc9342fd3bc3fc0547e981d8348e830809e63f03688fdd655195fdcbaaabb7d2e357458321f9785377

    • SSDEEP

      98304:XkhaGOiWEkYVcijHazK7Wv63x3ahmSxRYzFTu000eg:UhaGOPErrjH+KqI/SUzlb00e

    Score
    10/10
    sectopratevasionratthemidatrojan

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

      trojanratsectoprat

    • SectopRAT payload

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks