General

  • Target

    36e09a4ed4f71adc2b1493273d18bda7f1a3b4d6442181b4ba6ef34a8cc232ae

  • Size

    416KB

  • Sample

    240425-fgpw7sff67

  • MD5

    139bd673996a3e9175459e13b2fb2042

  • SHA1

    2152754e54b74c5c9ec83c5b12b8b088e1ad11bf

  • SHA256

    36e09a4ed4f71adc2b1493273d18bda7f1a3b4d6442181b4ba6ef34a8cc232ae

  • SHA512

    15b552efc31879e9c74a58a749820153e6c431a446d885c2df5787f6a3edcc7d3eff7f8c61cad5459b8fc1897766764e75c88b935d42084265adcffc6ce03f28

  • SSDEEP

    12288:BFc5MyBQNGCCIYu7GJ9QICQfEHVmJspa:BOdWNYIx7W90uEa
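The hashes above are the only stable identifiers for this sample, so the first thing an analyst does with a copy from a different source is recompute them and compare against the report. The following is an added example (not part of the sandbox report) that streams a file through MD5, SHA1, SHA256 and SHA512 in one pass and reports every digest that disagrees with the values listed above. The SSDEEP fuzzy hash is omitted because the Python standard library has no implementation of it.

```python
import hashlib
import sys
from typing import Dict, Mapping, Optional, Tuple

# Digests exactly as listed in the report above (the Target identifier is the SHA256).
REPORT_HASHES: Dict[str, str] = {
    "md5": "139bd673996a3e9175459e13b2fb2042",
    "sha1": "2152754e54b74c5c9ec83c5b12b8b088e1ad11bf",
    "sha256": "36e09a4ed4f71adc2b1493273d18bda7f1a3b4d6442181b4ba6ef34a8cc232ae",
    "sha512": (
        "15b552efc31879e9c74a58a749820153e6c431a446d885c2df5787f6a3edcc7d"
        "3eff7f8c61cad5459b8fc1897766764e75c88b935d42084265adcffc6ce03f28"
    ),
}
ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def compute_hashes(data: bytes) -> Dict[str, str]:
    """Return lowercase hex digests of an in-memory buffer for every algorithm in ALGORITHMS."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGORITHMS}


def compute_file_hashes(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Hash a file on disk, feeding each chunk to all hashers so the sample is read only once."""
    hashers = {alg: hashlib.new(alg) for alg in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def verify_hashes(
    actual: Mapping[str, str], expected: Mapping[str, str]
) -> Dict[str, Tuple[str, Optional[str]]]:
    """Compare digests case-insensitively.

    Returns {algorithm: (expected, actual)} for every expected digest that is
    missing from `actual` or differs from it; an empty dict means a full match.
    """
    mismatches: Dict[str, Tuple[str, Optional[str]]] = {}
    for alg, exp in expected.items():
        got = actual.get(alg)
        if got is None or got.lower() != exp.lower():
            mismatches[alg] = (exp.lower(), None if got is None else got.lower())
    return mismatches


def matches_report(data: bytes) -> bool:
    """True only if every digest of `data` equals the corresponding value in the report."""
    return not verify_hashes(compute_hashes(data), REPORT_HASHES)


if __name__ == "__main__":
    # Usage: python verify_sample.py <path-to-sample>
    digests = compute_file_hashes(sys.argv[1])
    bad = verify_hashes(digests, REPORT_HASHES)
    if bad:
        for alg, (exp, got) in bad.items():
            print(f"{alg}: expected {exp}, got {got}")
        sys.exit(1)
    print("all digests match the report")
```

A single mismatching digest is enough to reject the file; one matching weak digest (MD5 or SHA1 alone) is not enough to accept it, which is why the check demands agreement on all four before reporting a match.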

Targets

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019; this signature means the sample's behaviour matched the family's detection rule.

    • SectopRAT payload

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Checks computer location settings

      Reads the country code configured in the registry; most likely a geofencing check so the malware avoids running on machines in certain regions.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

      SetThreadContext redirects another thread's execution; calling it on a child process is the pattern seen in process hollowing and similar injection techniques.
