General

  • Target

    77735e1da724a93264a79607382ef949ba0e929e47909ee24f68389c6427cadf

  • Size

    407KB

  • Sample

    240424-ylsg1agd73

  • MD5

    ab6027f0e210a7b4ab1877da9649fa9d

  • SHA1

    0f6e64f9afc0238155011d84bfb40daf4d1edf1b

  • SHA256

    77735e1da724a93264a79607382ef949ba0e929e47909ee24f68389c6427cadf

  • SHA512

    25c1e18ef29708381e0cc6a08b9b8d8ba7af7857c280ff4c49e30f8ce72c78f01a6857c25496b473718d1e1b090506eecc9e2d63f1a2190c580e73aa55e50f05

  • SSDEEP

    12288:TR9O+taKgZxoUe8NtddpJ3UMpZIedELuRq:++0Px/TUaZIyELuRq

Malware Config

Targets

    • Target

      77735e1da724a93264a79607382ef949ba0e929e47909ee24f68389c6427cadf

    • Size

      407KB

    • MD5

      ab6027f0e210a7b4ab1877da9649fa9d

    • SHA1

      0f6e64f9afc0238155011d84bfb40daf4d1edf1b

    • SHA256

      77735e1da724a93264a79607382ef949ba0e929e47909ee24f68389c6427cadf

    • SHA512

      25c1e18ef29708381e0cc6a08b9b8d8ba7af7857c280ff4c49e30f8ce72c78f01a6857c25496b473718d1e1b090506eecc9e2d63f1a2190c580e73aa55e50f05

    • SSDEEP

      12288:TR9O+taKgZxoUe8NtddpJ3UMpZIedELuRq:++0Px/TUaZIyELuRq

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks