General

  • Target

    c7520155c1dce0d563e92fc24e0de2447186750b9a811574c05389303887d2c9

  • Size

    497KB

  • Sample

    240420-j73grscd49

  • MD5

    8e3dc30bce76566ac9d5fd1e3e3fbc11

  • SHA1

    388df4b1967ad3159eb2e6165ba6f3ec8d422c99

  • SHA256

    c7520155c1dce0d563e92fc24e0de2447186750b9a811574c05389303887d2c9

  • SHA512

    4c84116cbfa8c458fbf82ac1fe802961762399ebb3af53136145f28c1ddf69e18f37126b79140f1a4ec72b0650eb4fb2ce442e9633206864cbe25000629b3e57

  • SSDEEP

    12288:coIUKt8Ot1lyFLHoOPBvORzF38IjI1GCL7YdnLZjQ/6:coU8Ot1lyFLHoOxR0I1GGYdLZjy6

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.209

Attributes

  • url_path

    /3cd2b41cbde8fc9c.php

Targets

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
