General

  • Target

    cac072f8a68bc55b1b6536d31191725dd68cb5d60859af3456b77e2f3576897c

  • Size

    413KB

  • Sample

    240424-3hetysbf25

  • MD5

    2d63dbeaea334cdf715103b805382f8c

  • SHA1

    1c4275305ae02bede10adb44763e0e34d6cac33e

  • SHA256

    cac072f8a68bc55b1b6536d31191725dd68cb5d60859af3456b77e2f3576897c

  • SHA512

    6d708301b62eb0452ac15856202af0c31b0309c8ec53dfd42d041f3087d0507558f71fa17a1fe91f46a35a8011d30adb26e94d1d7827eca9de349665a7e4354f

  • SSDEEP

    6144:7p2VfZltnPHFzJfwrmLGlZRyLfRnXQGlOFNoHYN/XtaddEL4tOqZ:7p2VBbnPHXfGMcyOGlOrkYedELuOqZ

Malware Config

Targets

    • Target

      cac072f8a68bc55b1b6536d31191725dd68cb5d60859af3456b77e2f3576897c


    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks