General
Target: 196260067dab3b1f74bbddeb6fd9a737ec82c27387cacfaf5c0b9a0153859b22
Size: 446KB
Sample: 240420-nl5gfsfe34
MD5: 037e4f9de11b0e08f2bf20bf759d6f80
SHA1: c457564cb46b69478278e22cb6e65a0360ecf512
SHA256: 196260067dab3b1f74bbddeb6fd9a737ec82c27387cacfaf5c0b9a0153859b22
SHA512: a9baa04b643d7a7951f3380fd7a705e2fb2e77ae73557b52b70a1480e762c5b3314c6886005b6532dc27069e2eee13228bbf5abe15c6030ceca66c7b967b869b
SSDEEP: 6144:6ElKzhA3pzBB5Xhc1q9aZQ2mYJ1ok/gkkxWZXG0c4I+QXjQgP:2zhOzB7kZQPYJ1LgOa4IjQgP
Static task: static1
Behavioral task: behavioral1
Sample: 196260067dab3b1f74bbddeb6fd9a737ec82c27387cacfaf5c0b9a0153859b22.exe
Resource: win10v2004-20240412-en
Malware Config
Extracted: stealc
- http://185.172.128.209
- url_path: /3cd2b41cbde8fc9c.php
Targets
Target: 196260067dab3b1f74bbddeb6fd9a737ec82c27387cacfaf5c0b9a0153859b22
Size: 446KB
MD5: 037e4f9de11b0e08f2bf20bf759d6f80
SHA1: c457564cb46b69478278e22cb6e65a0360ecf512
SHA256: 196260067dab3b1f74bbddeb6fd9a737ec82c27387cacfaf5c0b9a0153859b22
SHA512: a9baa04b643d7a7951f3380fd7a705e2fb2e77ae73557b52b70a1480e762c5b3314c6886005b6532dc27069e2eee13228bbf5abe15c6030ceca66c7b967b869b
SSDEEP: 6144:6ElKzhA3pzBB5Xhc1q9aZQ2mYJ1ok/gkkxWZXG0c4I+QXjQgP:2zhOzB7kZQPYJ1LgOa4IjQgP
- SectopRAT payload
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext