General
- Target: b7ef70fd636ee48e1a9cce3dff496d6835c86891478c8d1a1e5146200728a148
- Size: 497KB
- Sample: 240420-jcnp5abf82
- MD5: 255506cd3bf7204a2c0d3d2f7de4935b
- SHA1: d51417e6828fba48d15750f458fcdeca260dd08e
- SHA256: b7ef70fd636ee48e1a9cce3dff496d6835c86891478c8d1a1e5146200728a148
- SHA512: 8305febe9fb663a444231eee6636330bcbd577d8c697dd3a06a63b1c8e1cd18eb5a878935572d2441d2a4026250ae73b42fa3f65dcc93c4723e664e1a7e79d86
- SSDEEP: 12288:ZUw+RcJ4nTC26EllW11cZkUAbDnHz/dA14Tqa:ZUpFTHrXW93T/O4ua
Static task
- static1

Behavioral task
- behavioral1
- Sample: b7ef70fd636ee48e1a9cce3dff496d6835c86891478c8d1a1e5146200728a148.exe
- Resource: win10v2004-20240412-en
Malware Config
- Extracted family: stealc
- C2: http://185.172.128.209
- url_path: /3cd2b41cbde8fc9c.php
Targets
- Target: b7ef70fd636ee48e1a9cce3dff496d6835c86891478c8d1a1e5146200728a148
- Size: 497KB
- MD5: 255506cd3bf7204a2c0d3d2f7de4935b
- SHA1: d51417e6828fba48d15750f458fcdeca260dd08e
- SHA256: b7ef70fd636ee48e1a9cce3dff496d6835c86891478c8d1a1e5146200728a148
- SHA512: 8305febe9fb663a444231eee6636330bcbd577d8c697dd3a06a63b1c8e1cd18eb5a878935572d2441d2a4026250ae73b42fa3f65dcc93c4723e664e1a7e79d86
- SSDEEP: 12288:ZUw+RcJ4nTC26EllW11cZkUAbDnHz/dA14Tqa:ZUpFTHrXW93T/O4ua

Signatures
- SectopRAT payload
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext