General

  • Target

    16f402a044656fca1412d809b0e5c9a0b2cd9ab3264a0db82c272337f2d60f17

  • Size

    406KB

  • Sample

    240425-ez17hsfd21

  • MD5

    cc542ac6e301d602b8b3745501276abe

  • SHA1

    8d16f2f476f160d595bfb0f901ad3cb2faf5224f

  • SHA256

    16f402a044656fca1412d809b0e5c9a0b2cd9ab3264a0db82c272337f2d60f17

  • SHA512

    e6348d99a7495889dad152510968836e15c011d70038e8de5f6af9fb18b48c759ffdeec31afe307f59d8b9ccb81eb140d6014644697470fa8e6fb7f830bfd490

  • SSDEEP

    6144:ZAuhQxtgcHEOgazi/NtXZ8mzVoq/6Jj4M2T1sRg9ivUUfFURO6dEL4tOKr:ZAuhQTg22NzVoPSMSsRkUfu/dELuOKr

Malware Config

Targets

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks