General

  • Target

    3f7255d2ecd3df5f1ff5a525b7bf4870eb9d61565f6e952d75fa26ed4a45c3a4

  • Size

    413KB

  • Sample

    240424-ys4tlsge9t

  • MD5

    b51fae93296cc9663535af54ca4071b7

  • SHA1

    e84388e006a20c49e8c7ae4aa3a6db68403bd20e

  • SHA256

    3f7255d2ecd3df5f1ff5a525b7bf4870eb9d61565f6e952d75fa26ed4a45c3a4

  • SHA512

    e4693816f2c4ce53253f69d3b39900dd9066753cbf48c45d362c68a28ed0b89e6ffbe0a6c4259e7c0f6f4d7f8aa4ebbc22451c2be11a2263315b86a521947fe6

  • SSDEEP

    12288:49NL1baM8Gb2L1BZJMFiLrTSeLrkf8BIV+xdELuRaZU:kdaM8Gk1BoiLrTvkEBIVqELuRaC

Targets

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
