General
Target: 321e6a225a302571d7c2e9d30a674ac2b5e35cd4104c8a5fdf30f5e9fd6fe669
Size: 413KB
Sample: 240424-yr2mvsge99
MD5: c520fbdf503c077229b505fdd4d6d883
SHA1: d266da1482eaf9df4ec4a237be0fc7ca27b331db
SHA256: 321e6a225a302571d7c2e9d30a674ac2b5e35cd4104c8a5fdf30f5e9fd6fe669
SHA512: f2d2ee1f3dce2be69afa7f59f979103911a0581dea8eecb95bc58ef9427887242001e39ec2030c88d9e2afec13e875dbb776649ce724cb76cc7bd2b5adf11b25
SSDEEP: 12288:49NL1baM8Gb2L1BZJMFiLrTSeLrkf8BIV+xdELuRaZ:kdaM8Gk1BoiLrTvkEBIVqELuRa
Static task: static1
Behavioral task: behavioral1
  Sample: 321e6a225a302571d7c2e9d30a674ac2b5e35cd4104c8a5fdf30f5e9fd6fe669.exe
  Resource: win10v2004-20240226-en
Behavioral task: behavioral2
  Sample: 321e6a225a302571d7c2e9d30a674ac2b5e35cd4104c8a5fdf30f5e9fd6fe669.exe
  Resource: win11-20240412-en
Malware Config
Targets
Target: 321e6a225a302571d7c2e9d30a674ac2b5e35cd4104c8a5fdf30f5e9fd6fe669
- SectopRAT payload
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext