General

  • Target

    196260067dab3b1f74bbddeb6fd9a737ec82c27387cacfaf5c0b9a0153859b22

  • Size

    446KB

  • Sample

    240420-nl5gfsfe34

  • MD5

    037e4f9de11b0e08f2bf20bf759d6f80

  • SHA1

    c457564cb46b69478278e22cb6e65a0360ecf512

  • SHA256

    196260067dab3b1f74bbddeb6fd9a737ec82c27387cacfaf5c0b9a0153859b22

  • SHA512

    a9baa04b643d7a7951f3380fd7a705e2fb2e77ae73557b52b70a1480e762c5b3314c6886005b6532dc27069e2eee13228bbf5abe15c6030ceca66c7b967b869b

  • SSDEEP

    6144:6ElKzhA3pzBB5Xhc1q9aZQ2mYJ1ok/gkkxWZXG0c4I+QXjQgP:2zhOzB7kZQPYJ1LgOa4IjQgP

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.209

Attributes

  • url_path

    /3cd2b41cbde8fc9c.php

Targets

    • Target

      196260067dab3b1f74bbddeb6fd9a737ec82c27387cacfaf5c0b9a0153859b22

    • Size

      446KB

    • MD5

      037e4f9de11b0e08f2bf20bf759d6f80

    • SHA1

      c457564cb46b69478278e22cb6e65a0360ecf512

    • SHA256

      196260067dab3b1f74bbddeb6fd9a737ec82c27387cacfaf5c0b9a0153859b22

    • SHA512

      a9baa04b643d7a7951f3380fd7a705e2fb2e77ae73557b52b70a1480e762c5b3314c6886005b6532dc27069e2eee13228bbf5abe15c6030ceca66c7b967b869b

    • SSDEEP

      6144:6ElKzhA3pzBB5Xhc1q9aZQ2mYJ1ok/gkkxWZXG0c4I+QXjQgP:2zhOzB7kZQPYJ1LgOa4IjQgP

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks