General
Target: 7e4e22c147699aefae6893ef1e3f78e017bab1f7771ecb823b54b8410a20c47a
Size: 497KB
Sample: 240420-gjjzeaaa95
MD5: fc28619227ead45d524043dea20f7f39
SHA1: 13e2de078fc824e4ebfcddf17977f4db789c1959
SHA256: 7e4e22c147699aefae6893ef1e3f78e017bab1f7771ecb823b54b8410a20c47a
SHA512: 027cec065aeaaedc3071df454745b9d839f4f3cb36d13ca2a8c7ebd65be0332e295706811ae83e5966e1ff3754e2e335212ddfe39181738c4774a10c6f08b18d
SSDEEP: 12288:ZxAlJcDZTLLyd81ktNRAZPanQ5kWkc4UV:ZxOQTi+GH6Papc4UV
Static task: static1
Behavioral task: behavioral1
Sample: 7e4e22c147699aefae6893ef1e3f78e017bab1f7771ecb823b54b8410a20c47a.exe
Resource: win10v2004-20240412-en
Malware Config
Extracted
Family: stealc
C2: http://185.172.128.209
url_path: /3cd2b41cbde8fc9c.php
Targets
Target: 7e4e22c147699aefae6893ef1e3f78e017bab1f7771ecb823b54b8410a20c47a (same 497KB file as listed under General above)
Signatures
- SectopRAT payload
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
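The extracted config above gives two network indicators (the C2 host and the per-build url_path) plus the file hashes. The following is an added example of turning those indicators into a hunting check; it is not part of the sandbox report and not the tooling that produced it. The IOC values are copied from the report, while the proxy log lines, the client IPs and the function names (match_url, scan_proxy_log, matches_sample) are constructed for illustration. The URL matcher distinguishes a hit on host plus path (the full C2 endpoint) from a hit on the host alone, because the same IP may serve other traffic and the PHP gate path is the more specific signal.

```python
"""Match the IOCs from this report against constructed telemetry.

Added example; not code from the sandbox report. IOC values are copied
from the report, everything else (log lines, hosts, helper names) is made up.
"""
import hashlib
from urllib.parse import urlsplit

# Indicators copied from the report's General and Malware Config sections.
IOC = {
    "sha256": "7e4e22c147699aefae6893ef1e3f78e017bab1f7771ecb823b54b8410a20c47a",
    "md5": "fc28619227ead45d524043dea20f7f39",
    "c2_host": "185.172.128.209",
    "c2_path": "/3cd2b41cbde8fc9c.php",
}

# Constructed proxy log: "<client_ip> <method> <url> <status>" per line.
PROXY_LOG = """\
10.0.0.12 GET http://example.com/index.html 200
10.0.0.31 POST http://185.172.128.209/3cd2b41cbde8fc9c.php 200
10.0.0.31 POST http://185.172.128.209:80/3cd2b41cbde8fc9c.php 200
10.0.0.44 GET http://185.172.128.209/update.bin 404
10.0.0.50 POST http://other.example/3cd2b41cbde8fc9c.php 200
"""


def full_c2_url():
    """Combine the report's C2 host and url_path into the full gate URL."""
    return "http://" + IOC["c2_host"] + IOC["c2_path"]


def match_url(url):
    """Return 'c2' for host+path match, 'host' for host-only, None otherwise.

    urlsplit().hostname strips an explicit port, so host:80 still matches.
    A matching path on a different host is deliberately not flagged.
    """
    parts = urlsplit(url)
    if parts.hostname != IOC["c2_host"]:
        return None
    return "c2" if parts.path == IOC["c2_path"] else "host"


def scan_proxy_log(text):
    """Yield (client_ip, method, match_kind) for each line hitting the C2 host."""
    hits = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # skip malformed lines rather than crash on them
        client, method, url, _status = fields[:4]
        kind = match_url(url)
        if kind is not None:
            hits.append((client, method, kind))
    return hits


def matches_sample(data):
    """True if a file's bytes hash to the reported MD5 or SHA256."""
    return (
        hashlib.sha256(data).hexdigest() == IOC["sha256"]
        or hashlib.md5(data).hexdigest() == IOC["md5"]
    )


if __name__ == "__main__":
    print("C2 endpoint:", full_c2_url())
    for hit in scan_proxy_log(PROXY_LOG):
        print("hit:", hit)
```

A real deployment would read the hashes and the C2 fields from the sandbox export rather than hard-coding them, and would treat a host-only hit as lower confidence than a hit on the full gate URL.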