General

  • Target

    a6473b60456133112f36c7572fa9315b2a1f1b44270468dcda76cc31b293d81d

  • Size

    407KB

  • Sample

    240424-ykwg9sgd54

  • MD5

    4cc8887c065177a5f2555e9d725e69d9

  • SHA1

    f7938833f2a3a2cb7bb63d146c8de1680bc765f5

  • SHA256

    a6473b60456133112f36c7572fa9315b2a1f1b44270468dcda76cc31b293d81d

  • SHA512

    5a6c4e8cee2d33f9db40e76c28a9ccaaf652391d5c0e033ad5a68f35f9cf151d2d7d97b466acc4b663ca2145b44396a151c7bbd3d412165a2f19a6f302c20d9f

  • SSDEEP

    12288:TR9O+taKgZxoUe8NtddpJ3UMpZIedELuR:++0Px/TUaZIyELuR

Malware Config

Targets

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks