General

  • Target

    b52127782111e0aa63dee376335dc0d0509dc53c670e737716b75032ad7be246

  • Size

    395KB

  • Sample

    240425-2zqr4sgb3y

  • MD5

    b6b9e61a2da28112ba48c1467de77dbd

  • SHA1

    cba33108fb41f82667d311cfb3ccb98f73959f35

  • SHA256

    b52127782111e0aa63dee376335dc0d0509dc53c670e737716b75032ad7be246

  • SHA512

    c85e0c2168296a2413b136eccb271d6729277758fe0acffa74cd5f8b178fd3b92e50a33e42bf085bf8d4744eed3f82ed9041ea2c92b83b2634103b235d2ec7d0

  • SSDEEP

    6144:wfvZZIElv79VasTMGa6tc4F4LiHOWfBmu+rbCmkLiCjj8/UXewVljd:wPIER79VFXawc4DaDPCmAiz/UXzR

Targets

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry; likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
