General

  • Target

    627194db7664b17a7a4bb8a492fc269783c0ed3d0b5297577c0b67e9bad7be14

  • Size

    407KB

  • Sample

    240424-s2fkgscf51

  • MD5

    f76286d743961fd81a1c2bd4454c7255

  • SHA1

    79a6660ce2c5a9911a7cdb725b8f2208f7916019

  • SHA256

    627194db7664b17a7a4bb8a492fc269783c0ed3d0b5297577c0b67e9bad7be14

  • SHA512

    93b32c36198c32dbb022482d7724632932b6baa13be52b35aa12ee8760138e336f45e790fedfacd0c935ab474b37e959615753342cb150ad06b73e02b1cb812d

  • SSDEEP

    6144:er74T6TZltEhd+g+/c62Rc1FDvkt+w2TJANHfkYTt9xUo/UPBAK:IET69bEhdJZuDh+kYZ9x8aK
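Before trusting a sandbox report, confirm that the file you hold is the one the report describes: compute every listed digest in one pass and compare all of them, not just MD5. The following helper is an added example, not part of this report or of any tool it names; it assumes you have the sample as raw bytes or as a local file, and the hash values embedded in it are copied from the General section above.

```python
import hashlib

# Digest values as listed in this report (copied from the page above).
REPORT_HASHES = {
    "md5": "f76286d743961fd81a1c2bd4454c7255",
    "sha1": "79a6660ce2c5a9911a7cdb725b8f2208f7916019",
    "sha256": "627194db7664b17a7a4bb8a492fc269783c0ed3d0b5297577c0b67e9bad7be14",
    "sha512": (
        "93b32c36198c32dbb022482d7724632932b6baa13be52b35aa12ee8760138e33"
        "6f45e790fedfacd0c935ab474b37e959615753342cb150ad06b73e02b1cb812d"
    ),
}


def multi_hash(data_or_path, algorithms=("md5", "sha1", "sha256", "sha512"), chunk_size=1 << 20):
    """Compute several digests in a single pass over the input.

    Accepts raw bytes or a filesystem path. Files are streamed in chunks so a
    large sample is hashed without being read fully into memory.
    """
    hashers = {name: hashlib.new(name) for name in algorithms}
    if isinstance(data_or_path, (bytes, bytearray)):
        for h in hashers.values():
            h.update(data_or_path)
    else:
        with open(data_or_path, "rb") as f:
            for chunk in iter(lambda: f.read(chunk_size), b""):
                for h in hashers.values():
                    h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare_to_report(computed, report=REPORT_HASHES):
    """Map each algorithm in the report to True/False: does the computed digest match?"""
    return {
        name: computed.get(name, "").lower() == value.lower()
        for name, value in report.items()
    }


def matches_report(data_or_path, report=REPORT_HASHES):
    """True only if every digest listed in the report matches the local sample."""
    computed = multi_hash(data_or_path, tuple(report))
    return all(compare_to_report(computed, report).values())


if __name__ == "__main__":
    # Constructed input: these bytes are not the sample, so nothing should match.
    print(compare_to_report(multi_hash(b"constructed placeholder bytes")))
```

Requiring all four digests to agree costs nothing extra (they are computed in the same pass) and rules out a stale or mislabeled MD5 in someone's notes. SSDEEP is deliberately left out: it is a fuzzy hash for finding similar files, not an identity check, and needs a third-party library.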

Malware Config

Targets

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check to avoid running in certain countries.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks