General

  • Target

    b30991bbdb7339dad995227cd662f967cf3ec19fc5ed3f19d16bf84f74ba1019

  • Size

    407KB

  • Sample

    240424-ym865sgd7w

  • MD5

    4cf48aca3dae4f31bee73ba424519fa1

  • SHA1

    a6613b54c0d91e61e6a0807e102a9ef9076123c0

  • SHA256

    b30991bbdb7339dad995227cd662f967cf3ec19fc5ed3f19d16bf84f74ba1019

  • SHA512

    efcc3885998abfde1e5c519e30b91029e4fa70cd9ecdd27ef7f21144b40b73db113d5d07f6fb4ed1aa143066881afb979c5d366984d8ec1b15d787243f44d0f7

  • SSDEEP

    12288:TR9O+taKgZxoUe8NtddpJ3UMpZIedELuRv:++0Px/TUaZIyELuRv

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.76

Attributes
  • url_path

    /3cd2b41cbde8fc9c.php
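The extracted config above gives two network indicators (the C2 host and the gate path) plus the sample's file hashes. The following script is an added example, not part of the sandbox report or the Stealc analysis: it sweeps proxy log lines for requests that touch those indicators and checks a candidate file's hashes against the report. The log layout and the log lines are constructed for illustration; only the C2 host, the url_path and the hash values come from the report.

```python
"""Match the IOCs from this report against proxy logs and a candidate file.

Added example; it is not part of the sandbox report. The C2 host, gate
path and file hashes come from the report. The log format and the log
lines below are constructed for illustration.
"""
import hashlib
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Set
from urllib.parse import urlsplit

# Indicators from the report's extracted Stealc config.
C2_HOST = "185.172.128.76"
C2_PATH = "/3cd2b41cbde8fc9c.php"

# File hashes of the analysed sample, from the report.
REPORT_HASHES = {
    "md5": "4cf48aca3dae4f31bee73ba424519fa1",
    "sha1": "a6613b54c0d91e61e6a0807e102a9ef9076123c0",
    "sha256": "b30991bbdb7339dad995227cd662f967cf3ec19fc5ed3f19d16bf84f74ba1019",
}

# Constructed proxy log lines (assumed layout:
# epoch  client-hostname  client-ip  method  url  status).
SAMPLE_LOG = """\
1713950101.123 WS-017 10.0.4.21 GET http://www.example.com/index.html 200
1713950107.456 WS-017 10.0.4.21 POST http://185.172.128.76/3cd2b41cbde8fc9c.php 200
1713950109.789 WS-017 10.0.4.21 POST http://185.172.128.76/3cd2b41cbde8fc9c.php 200
1713950111.000 WS-022 10.0.4.38 GET http://185.172.128.76/update.bin 200
1713950115.500 WS-031 10.0.4.40 GET http://185.172.128.77/3cd2b41cbde8fc9c.php 404
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src_host>\S+)\s+(?P<src_ip>\S+)\s+"
    r"(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<status>\d{3})$"
)


@dataclass(frozen=True)
class Hit:
    ts: str
    src_host: str
    method: str
    url: str
    reason: str


def classify_url(url: str) -> Optional[str]:
    """Return a reason string when a URL touches the report's C2 indicators."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    if host == C2_HOST and parts.path == C2_PATH:
        return "stealc_c2_gate"  # exact host + gate path from the config
    if host == C2_HOST:
        return "stealc_c2_host"  # same server, other path (e.g. payload fetch)
    if parts.path == C2_PATH:
        return "stealc_gate_path_other_host"  # gate path reused on another host
    return None


def find_c2_hits(lines: Iterable[str]) -> List[Hit]:
    """Scan proxy log lines and return every request matching an indicator."""
    hits: List[Hit] = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # malformed or foreign line; skip rather than abort the sweep
        reason = classify_url(m["url"])
        if reason is not None:
            hits.append(Hit(m["ts"], m["src_host"], m["method"], m["url"], reason))
    return hits


def gate_beacon_hosts(hits: Iterable[Hit]) -> Set[str]:
    """Hosts that reached the exact C2 gate: treat these as infected."""
    return {h.src_host for h in hits if h.reason == "stealc_c2_gate"}


def hash_matches(data: bytes) -> Dict[str, bool]:
    """Compare a candidate file's hashes with the report, per algorithm."""
    return {
        "md5": hashlib.md5(data).hexdigest() == REPORT_HASHES["md5"],
        "sha1": hashlib.sha1(data).hexdigest() == REPORT_HASHES["sha1"],
        "sha256": hashlib.sha256(data).hexdigest() == REPORT_HASHES["sha256"],
    }


if __name__ == "__main__":
    found = find_c2_hits(SAMPLE_LOG.splitlines())
    for h in found:
        print(f"{h.ts} {h.src_host} {h.method} {h.url} -> {h.reason}")
    print("beaconing hosts:", sorted(gate_beacon_hosts(found)))
    print("constructed bytes match report hashes:", hash_matches(b"not the sample"))
```

The three reason codes are deliberately separate: an exact host plus gate path match is strong enough to isolate the client, a hit on the host alone is worth triage (the report notes the sample downloads a PE file, so a payload fetch from the same server is plausible), and the gate path on a different host is a weak pivot that may point at other infrastructure from the same campaign but needs confirmation before acting on it.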

Targets

    • Target

      b30991bbdb7339dad995227cd662f967cf3ec19fc5ed3f19d16bf84f74ba1019

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution to or away from particular regions.

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15