General
- Target: 538af20cc47b76f65a2bb6daed037b48574a6f5feb21c22315633b4c451a10ba
- Size: 497KB
- Sample: 240420-clzenadg32
- MD5: aff1866a4c9bf3226a842da8c12f7606
- SHA1: 0b51a9f10017b8cadb5903003dbc0d9e558760a3
- SHA256: 538af20cc47b76f65a2bb6daed037b48574a6f5feb21c22315633b4c451a10ba
- SHA512: acc32bb2acbadfef4cea8fb98eac80588fd84dbafbcc28702d0af83e4691ef1473252c71d6b1fb12909b0b5c580a1dc3c9c09299a8d051c97473150dedc6b4a8
- SSDEEP: 12288:VBy70w/OnfLYTOOc411sVyL8/TtPnAUaPkcX38rese4uP:VBayfohBf5YJPnfXcXaeR4uP
Static task: static1
Behavioral task: behavioral1
- Sample: 538af20cc47b76f65a2bb6daed037b48574a6f5feb21c22315633b4c451a10ba.exe
- Resource: win10v2004-20240412-en
Malware Config
Extracted: stealc
- http://185.172.128.209
- url_path: /3cd2b41cbde8fc9c.php
Targets
- SectopRAT payload
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext