General

  • Target

    97d6c0cb9f895ec72a927a7fd9b90179c7b8fd5807b67104e4ef6dbb1b4431f5

  • Size

    412KB

  • Sample

    240425-h441ragg6y

  • MD5

    632eaf1f6d4b9293aaffdae299c1a85e

  • SHA1

    b9f2542f3a03dfd2650565904a49bf5a83820569

  • SHA256

    97d6c0cb9f895ec72a927a7fd9b90179c7b8fd5807b67104e4ef6dbb1b4431f5

  • SHA512

    88fe683d1415ae7092a36d0766947fe8804f5368250ce1083880729a42aa8e58510986092a00cd0d00a9e28f213ef38beecae596a3d3d60b5436317acd6be1fa

  • SSDEEP

    6144:S3vNF93i2XZW6NlsS8qNSRk73O9B0qppnH9oH6:MNd5H7+9n7dQ6
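As an added example (not part of the report, and not tooling from the sandbox that produced it), the following Python script parses the hash block above and checks a locally obtained copy of the sample against it. The report text is embedded from this page; the sample path is a command-line argument and is an assumption of the example. `hashlib` cannot compute SSDEEP, so that field is parsed but only the MD5, SHA-1, SHA-256 and SHA-512 digests and the size are compared.

```python
"""Verify a downloaded sample against the hashes in a sandbox report.

Added example, not the original page's code: parse the report's
bullet/value hash block, hash a local file with hashlib, and print
every field that disagrees. Usage: python verify_sample.py <sample>
"""
import hashlib
import re
import sys
from pathlib import Path

# The "General" block of the report, copied as parser input.
REPORT_TEXT = """
  • Target

    97d6c0cb9f895ec72a927a7fd9b90179c7b8fd5807b67104e4ef6dbb1b4431f5

  • Size

    412KB

  • Sample

    240425-h441ragg6y

  • MD5

    632eaf1f6d4b9293aaffdae299c1a85e

  • SHA1

    b9f2542f3a03dfd2650565904a49bf5a83820569

  • SHA256

    97d6c0cb9f895ec72a927a7fd9b90179c7b8fd5807b67104e4ef6dbb1b4431f5

  • SHA512

    88fe683d1415ae7092a36d0766947fe8804f5368250ce1083880729a42aa8e58510986092a00cd0d00a9e28f213ef38beecae596a3d3d60b5436317acd6be1fa

  • SSDEEP

    6144:S3vNF93i2XZW6NlsS8qNSRk73O9B0qppnH9oH6:MNd5H7+9n7dQ6
"""

# Digests hashlib can compute. SSDEEP is a fuzzy hash that needs the
# third-party ssdeep module, so it is parsed but not verified here.
HASH_FIELDS = ("md5", "sha1", "sha256", "sha512")
_UNITS = {"b": 1, "kb": 1024, "mb": 1024 ** 2, "gb": 1024 ** 3}


def parse_report(text):
    """Turn '• Name' / blank / value runs into {lowercase_name: value}."""
    fields = {}
    name = None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("•"):
            name = line.lstrip("•").strip().lower()
        elif line and name is not None:
            fields[name] = line
            name = None  # one value per bullet
    return fields


def parse_size(text):
    """'412KB' -> 412 * 1024 bytes. Raises ValueError on unparseable input."""
    m = re.fullmatch(r"(\d+(?:\.\d+)?)\s*([kmg]?b)?", text.strip(), re.IGNORECASE)
    if not m:
        raise ValueError(f"unparseable size: {text!r}")
    unit = (m.group(2) or "b").lower()
    return int(float(m.group(1)) * _UNITS[unit])


def compute_hashes(data):
    """Hex digests of the four algorithms the report lists."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in HASH_FIELDS}


def verify(data, expected):
    """Return [(field, expected, actual)] for every hash or size that disagrees.

    An empty list means the bytes match every field the report provided.
    The reported size is rounded to whole kilobytes, so it is compared
    with a 1 KiB tolerance rather than exactly.
    """
    actual = compute_hashes(data)
    problems = []
    for alg in HASH_FIELDS:
        want = expected.get(alg, "").lower()
        if want and want != actual[alg]:
            problems.append((alg, want, actual[alg]))
    if "size" in expected:
        want_size = parse_size(expected["size"])
        if abs(len(data) - want_size) > 1024:
            problems.append(("size", str(want_size), str(len(data))))
    return problems


def main(argv):
    if len(argv) != 2:
        print(f"usage: {argv[0]} <sample-file>", file=sys.stderr)
        return 2
    data = Path(argv[1]).read_bytes()  # assumed path to the downloaded sample
    problems = verify(data, parse_report(REPORT_TEXT))
    if not problems:
        print("OK: file matches every hash in the report")
        return 0
    for field, want, got in problems:
        print(f"MISMATCH {field}: report={want} file={got}")
    return 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

A single mismatching digest is enough to reject the file: a different copy, a truncated download, or a sample that a vendor re-packed will fail on every cryptographic hash at once, while the fuzzy SSDEEP value is the one to compare (with the separate `ssdeep` package) when you want to know whether an unmatched file is nonetheless a close variant of this one.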

Malware Config

Targets

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Checks computer location settings

      Reads the country code configured in the registry, likely a geofence check so the sample can refuse to run in particular regions.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks