General
-
Target
157386601c8d17122127317f13148e59455e2805eb4387c77269466959cf8d37
-
Size
446KB
-
Sample
240420-nsmj8aff98
-
MD5
d9f3edd22666d0238123a43a5336deef
-
SHA1
7712f92092557e62bff3c89756e78f564187df4b
-
SHA256
157386601c8d17122127317f13148e59455e2805eb4387c77269466959cf8d37
-
SHA512
8bf6facf19d441cbe620e664cc968e0c331b68e8f074df711befdddfb5fb2d7dc74bb27bb2782a73d4bc9b78862cde1443f1a246d6de3b23842c9014751b5948
-
SSDEEP
6144:6ElKzhA3pzBB5Xhc1q9aZQ2mYJ1ok/gkkxWZXG0c4I+QXjQgF:2zhOzB7kZQPYJ1LgOa4IjQgF
Static task
static1
Behavioral task
behavioral1
Sample
157386601c8d17122127317f13148e59455e2805eb4387c77269466959cf8d37.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
stealc
http://185.172.128.209
-
url_path
/3cd2b41cbde8fc9c.php
Targets
-
-
Target
157386601c8d17122127317f13148e59455e2805eb4387c77269466959cf8d37
-
SectopRAT payload
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-