General
Target: 97d6c0cb9f895ec72a927a7fd9b90179c7b8fd5807b67104e4ef6dbb1b4431f5
Size: 412KB
Sample: 240425-h441ragg6y
MD5: 632eaf1f6d4b9293aaffdae299c1a85e
SHA1: b9f2542f3a03dfd2650565904a49bf5a83820569
SHA256: 97d6c0cb9f895ec72a927a7fd9b90179c7b8fd5807b67104e4ef6dbb1b4431f5
SHA512: 88fe683d1415ae7092a36d0766947fe8804f5368250ce1083880729a42aa8e58510986092a00cd0d00a9e28f213ef38beecae596a3d3d60b5436317acd6be1fa
SSDEEP: 6144:S3vNF93i2XZW6NlsS8qNSRk73O9B0qppnH9oH6:MNd5H7+9n7dQ6
Static task: static1
Behavioral task: behavioral1
Sample: 97d6c0cb9f895ec72a927a7fd9b90179c7b8fd5807b67104e4ef6dbb1b4431f5.exe
Resource: win10v2004-20240412-en
Malware Config
Targets
Target: 97d6c0cb9f895ec72a927a7fd9b90179c7b8fd5807b67104e4ef6dbb1b4431f5
SectopRAT payload
Downloads MZ/PE file
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext