General

  • Target

    321e6a225a302571d7c2e9d30a674ac2b5e35cd4104c8a5fdf30f5e9fd6fe669

  • Size

    413KB

  • Sample

    240424-yr2mvsge99

  • MD5

    c520fbdf503c077229b505fdd4d6d883

  • SHA1

    d266da1482eaf9df4ec4a237be0fc7ca27b331db

  • SHA256

    321e6a225a302571d7c2e9d30a674ac2b5e35cd4104c8a5fdf30f5e9fd6fe669

  • SHA512

    f2d2ee1f3dce2be69afa7f59f979103911a0581dea8eecb95bc58ef9427887242001e39ec2030c88d9e2afec13e875dbb776649ce724cb76cc7bd2b5adf11b25

  • SSDEEP

    12288:49NL1baM8Gb2L1BZJMFiLrTSeLrkf8BIV+xdELuRaZ:kdaM8Gk1BoiLrTvkEBIVqELuRa

Malware Config

Targets

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks