General
-
Target
53167ba94a450f8bcda36276b9d53687b52ec8852dff3397ba64f6efbfd4ec0e
-
Size
497KB
-
Sample
240420-kdkwasdb9v
-
MD5
dedd4ef7176809952c6b5b2492d4a972
-
SHA1
770537e96bfbe3e2dc352af8dfe6edb8a8c971bd
-
SHA256
53167ba94a450f8bcda36276b9d53687b52ec8852dff3397ba64f6efbfd4ec0e
-
SHA512
189ff05c388569af1ea5f871a16ef8fdb332a1c5f04c04b2e8079560ea195fa61ec25f85bb4f793c7d89f0acdee54f77531ff02acaf728b6677e00a0fcbfbd41
-
SSDEEP
12288:coIUKt8Ot1lyFLHoOPBvORzF38IjI1GCL7YdnLZjQ/4:coU8Ot1lyFLHoOxR0I1GGYdLZjy4
Static task
static1
Behavioral task
behavioral1
Sample
53167ba94a450f8bcda36276b9d53687b52ec8852dff3397ba64f6efbfd4ec0e.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
stealc
http://185.172.128.209
-
url_path
/3cd2b41cbde8fc9c.php
Targets
-
-
Target
53167ba94a450f8bcda36276b9d53687b52ec8852dff3397ba64f6efbfd4ec0e
-
SectopRAT payload
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-