General

  • Target

    7f74f2cfd75b7d1b62eb421714c936a7431190bdfe93626185dd103a3881f124

  • Size

    395KB

  • Sample

    240425-3wk8wsgd23

  • MD5

    42648b762e467d64b58ec7c12a710520

  • SHA1

    7251da8f75f9347fbe9a0032ba119ba4a797bcb7

  • SHA256

    7f74f2cfd75b7d1b62eb421714c936a7431190bdfe93626185dd103a3881f124

  • SHA512

    a1c4ffcdde1a00851e382d51cd0cf993d821cc47fbb92c93e0416b9394e8b250ed3341a41648f3624ea1e6a1790c719b674db109165332fcc562f9ebadaafa6e

  • SSDEEP

    6144:bDT/bT/y5pUYwa0tjXZfSFZtKn+iW9c5BGIpuluXyCAmIC1rP:bHf/KpmaKQAJ5BQsCqtx

Malware Config

Targets

    • Target

      7f74f2cfd75b7d1b62eb421714c936a7431190bdfe93626185dd103a3881f124

    • Size

      395KB

    • MD5

      42648b762e467d64b58ec7c12a710520

    • SHA1

      7251da8f75f9347fbe9a0032ba119ba4a797bcb7

    • SHA256

      7f74f2cfd75b7d1b62eb421714c936a7431190bdfe93626185dd103a3881f124

    • SHA512

      a1c4ffcdde1a00851e382d51cd0cf993d821cc47fbb92c93e0416b9394e8b250ed3341a41648f3624ea1e6a1790c719b674db109165332fcc562f9ebadaafa6e

    • SSDEEP

      6144:bDT/bT/y5pUYwa0tjXZfSFZtKn+iW9c5BGIpuluXyCAmIC1rP:bHf/KpmaKQAJ5BQsCqtx

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks