General
-
Target
c7520155c1dce0d563e92fc24e0de2447186750b9a811574c05389303887d2c9
-
Size
497KB
-
Sample
240420-j73grscd49
-
MD5
8e3dc30bce76566ac9d5fd1e3e3fbc11
-
SHA1
388df4b1967ad3159eb2e6165ba6f3ec8d422c99
-
SHA256
c7520155c1dce0d563e92fc24e0de2447186750b9a811574c05389303887d2c9
-
SHA512
4c84116cbfa8c458fbf82ac1fe802961762399ebb3af53136145f28c1ddf69e18f37126b79140f1a4ec72b0650eb4fb2ce442e9633206864cbe25000629b3e57
-
SSDEEP
12288:coIUKt8Ot1lyFLHoOPBvORzF38IjI1GCL7YdnLZjQ/6:coU8Ot1lyFLHoOxR0I1GGYdLZjy6
Static task
static1
Behavioral task
behavioral1
Sample
c7520155c1dce0d563e92fc24e0de2447186750b9a811574c05389303887d2c9.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
stealc
http://185.172.128.209
-
url_path
/3cd2b41cbde8fc9c.php
Targets
-
-
Target
c7520155c1dce0d563e92fc24e0de2447186750b9a811574c05389303887d2c9
-
SectopRAT payload
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-