General
Target: 71674457d21249c28cec063d44baf6a856696105b156575bbb32794b0c6fbaf8
Size: 497KB
Sample: 240420-ggjwmaaf7x
MD5: 92e5f7ec3c36861b9e9fa8c97721489e
SHA1: 062251e2455413f91b1a109974ed6ae3ca2961fd
SHA256: 71674457d21249c28cec063d44baf6a856696105b156575bbb32794b0c6fbaf8
SHA512: a433b21794364fc09f14772de8c6810773d1de46fc320e8bac42d85e42f79e355d4861555845eecd81f831caa313d11d146ccbd87236244214d60c25ef1895db
SSDEEP: 12288:ZxAlJcDZTLLyd81ktNRAZPanQ5kWkc4UY:ZxOQTi+GH6Papc4UY
Static task: static1
Behavioral task: behavioral1
Sample: 71674457d21249c28cec063d44baf6a856696105b156575bbb32794b0c6fbaf8.exe
Resource: win10v2004-20240412-en
Malware Config
Extracted
stealc
http://185.172.128.209
url_path: /3cd2b41cbde8fc9c.php
Targets
SectopRAT payload
Downloads MZ/PE file
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext