General

  • Target

    ed8fbf5cdcfd6714bfd7c1872569b7799843e8ef2689c216ee00b257ed609c35

  • Size

    423KB

  • Sample

    240425-sz4jjaca8s

  • MD5

    e62117f9a65db54a729dc87b42155af4

  • SHA1

    cb26466d445e0a6f2adddfc673eb07ad7caf8c66

  • SHA256

    ed8fbf5cdcfd6714bfd7c1872569b7799843e8ef2689c216ee00b257ed609c35

  • SHA512

    65b32a4d4da88831d3c5d2970946175c86b5ce9ebfd735bfa33a7e6bd81d30bd02e6e8b726fad911bce35de34c77d4cf78faa8d0a1a2628a600dac8c63f58172

  • SSDEEP

    6144:4A89cIp7XcQuqZkwcc2ixc+XJV/u7k7YWdB5gXM27oZrqkH:bwu99fQ9Z87BuK6qkH
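The hash block above is the report's identity for this sample. When a file turns up on a host, the first question is whether it is byte-for-byte this sample, and the honest way to answer it is to compute every digest the report lists and compare them all, not just one. The following Python is an added example (not part of the report or of any sandbox tooling): it parses the bullet/value layout as printed on this page, validates each digest as hex of the expected length so a truncated line is rejected rather than used as an IOC, streams a file through all four hash functions in one pass, and returns a verdict. SSDEEP is parsed but only stored; comparing context-triggered hashes needs an ssdeep implementation that is not in the standard library, and an exact cryptographic hash match already settles the question.

```python
import hashlib
import re

# The hash lines of this report's "General" block, copied as text so the
# parser has realistic input; nothing is fetched from the sandbox.
REPORT_TEXT = """
  • MD5

    e62117f9a65db54a729dc87b42155af4

  • SHA1

    cb26466d445e0a6f2adddfc673eb07ad7caf8c66

  • SHA256

    ed8fbf5cdcfd6714bfd7c1872569b7799843e8ef2689c216ee00b257ed609c35

  • SHA512

    65b32a4d4da88831d3c5d2970946175c86b5ce9ebfd735bfa33a7e6bd81d30bd02e6e8b726fad911bce35de34c77d4cf78faa8d0a1a2628a600dac8c63f58172

  • SSDEEP

    6144:4A89cIp7XcQuqZkwcc2ixc+XJV/u7k7YWdB5gXM27oZrqkH:bwu99fQ9Z87BuK6qkH
"""

# Expected hex length per algorithm; anything else is a garbled report line.
HASH_FIELDS = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}


def parse_report_hashes(text):
    """Turn the "• NAME / value" layout into {"md5": ..., "ssdeep": ...}.
    Each digest is validated before it is accepted as an indicator."""
    hashes = {}
    lines = [ln.strip() for ln in text.splitlines()]
    for i, ln in enumerate(lines):
        name = ln.lstrip("• ").strip()
        if name not in HASH_FIELDS and name != "SSDEEP":
            continue
        # the value is the next non-empty line after the field name
        value = next((v for v in lines[i + 1:] if v), "")
        if name == "SSDEEP":
            # blocksize:hash1:hash2, base64 alphabet
            if not re.fullmatch(r"\d+:[A-Za-z0-9+/]+:[A-Za-z0-9+/]+", value):
                raise ValueError(f"SSDEEP: unexpected value {value!r}")
            hashes["ssdeep"] = value
        else:
            if not re.fullmatch(r"[0-9a-f]{%d}" % HASH_FIELDS[name], value.lower()):
                raise ValueError(f"{name}: unexpected value {value!r}")
            hashes[name.lower()] = value.lower()
    return hashes


def compute_hashes(data_or_path, chunk_size=1 << 20):
    """All four digests in a single pass. Accepts bytes (handy for tests) or a
    path; a file is streamed in chunks so a large sample is not read whole."""
    digests = {n: hashlib.new(n) for n in ("md5", "sha1", "sha256", "sha512")}
    if isinstance(data_or_path, (bytes, bytearray)):
        chunks = [bytes(data_or_path)]
    else:
        def chunks_from_file():
            with open(data_or_path, "rb") as f:
                while True:
                    buf = f.read(chunk_size)
                    if not buf:
                        return
                    yield buf
        chunks = chunks_from_file()
    for buf in chunks:
        for d in digests.values():
            d.update(buf)
    return {n: d.hexdigest() for n, d in digests.items()}


def match_report(report, computed):
    """Compare every algorithm present in both dicts. Returns (verdict, detail):
    "match" only if all compared digests agree, "mismatch" if any differs
    (a different file, or a corrupted report), "inconclusive" if none overlap."""
    compared = {n: report[n] == computed[n] for n in computed if n in report}
    if not compared:
        return "inconclusive", compared
    return ("match" if all(compared.values()) else "mismatch"), compared
```

Usage: `match_report(parse_report_hashes(REPORT_TEXT), compute_hashes("suspect.bin"))`. A "mismatch" on a single algorithm is still a definite no; a partial overlap (for example a report that lists only SHA256) is enough for "match" because any one of these digests identifies the file uniquely for practical purposes.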

Targets

    • Target

      ed8fbf5cdcfd6714bfd7c1872569b7799843e8ef2689c216ee00b257ed609c35

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check that decides whether the payload runs on this host.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
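The signatures above (registry locale lookup, dropped EXE executed, dropped DLL loaded, SetThreadContext) are each weak on their own; together, in that order, they describe a loader that geofences, drops a second stage and injects into it. The following Python is an added example, not the sandbox's own signature logic: it replays a constructed API-call log (format and field names assumed, as is the registry key path, since the report does not name the key it saw) and emits a hit per behaviour, keeping just enough state to tell a SetThreadContext on a child the same process created suspended (the classic hollowing sequence) apart from a bare API call. The "Downloads MZ/PE file" signature is not modelled because the constructed log carries no network events.

```python
import re

# Constructed sandbox API-call log (not from the report; format is assumed):
# "<hh:mm:ss> pid=<n> api=<name> <field>=<value> ..."
SAMPLE_LOG = r"""
10:00:01 pid=1000 api=RegOpenKeyExW key=HKCU\Control Panel\International
10:00:01 pid=1000 api=RegQueryValueExW key=HKCU\Control Panel\International value=LocaleName
10:00:02 pid=1000 api=WriteFile path=C:\Users\Public\stage2.exe
10:00:02 pid=1000 api=WriteFile path=C:\Users\Public\helper.dll
10:00:03 pid=1000 api=CreateProcessW path=C:\Users\Public\stage2.exe flags=CREATE_SUSPENDED child_pid=2000
10:00:03 pid=1000 api=SetThreadContext target_pid=2000
10:00:03 pid=1000 api=ResumeThread target_pid=2000
10:00:04 pid=2000 api=LoadLibraryW path=C:\Users\Public\helper.dll
10:00:05 pid=2000 api=LoadLibraryW path=C:\Windows\System32\wininet.dll
"""

# Registry locations commonly read for locale/country. Assumed: the report
# says only that the country code was looked up in the registry.
LOCALE_KEY_FRAGMENTS = (
    r"control panel\international",
    r"control\nls\language",
)

LINE_RE = re.compile(r"^(?P<time>\d\d:\d\d:\d\d)\s+(?P<rest>.+)$")
# key=value pairs; values may contain spaces (registry paths), so a value runs
# until the next " word=" token or end of line.
FIELD_RE = re.compile(r"(\w+)=(.*?)(?=\s\w+=|$)")


def parse_event(line):
    """One log line -> dict of fields, or None for blank/unparseable lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = {"time": m.group("time")}
    ev.update(dict(FIELD_RE.findall(m.group("rest"))))
    for k in ("pid", "child_pid", "target_pid"):
        if k in ev:
            ev[k] = int(ev[k])
    return ev


def detect(log_text):
    """Replay the log and return (rule, pid, detail) hits.
    State kept: paths written by any monitored process (so later execution or
    loading of them is "dropped"), and children created suspended, keyed by
    child pid, so SetThreadContext on such a child is reported as probable
    process hollowing rather than a bare API hit."""
    dropped = set()
    suspended = {}   # child_pid -> parent pid that created it suspended
    hits = []
    for line in log_text.splitlines():
        ev = parse_event(line)
        if not ev or "pid" not in ev:
            continue
        api, pid = ev.get("api"), ev["pid"]
        if api == "RegQueryValueExW":
            key = ev.get("key", "").lower()
            if any(frag in key for frag in LOCALE_KEY_FRAGMENTS):
                hits.append(("checks_computer_location", pid,
                             ev["key"] + "\\" + ev.get("value", "")))
        elif api == "WriteFile":
            dropped.add(ev["path"].lower())
        elif api == "CreateProcessW":
            if ev["path"].lower() in dropped:
                hits.append(("executes_dropped_exe", pid, ev["path"]))
            if "CREATE_SUSPENDED" in ev.get("flags", "") and "child_pid" in ev:
                suspended[ev["child_pid"]] = pid
        elif api == "LoadLibraryW":
            if ev["path"].lower() in dropped:
                hits.append(("loads_dropped_dll", pid, ev["path"]))
        elif api == "SetThreadContext":
            target = ev.get("target_pid")
            if suspended.get(target) == pid:
                detail = (f"target pid {target} created suspended by {pid}: "
                          "probable process hollowing")
            else:
                detail = f"target pid {target}"
            hits.append(("suspicious_setthreadcontext", pid, detail))
    return hits


def rule_names(hits):
    """Distinct rule names, sorted, for a quick summary of a run."""
    return sorted({h[0] for h in hits})


if __name__ == "__main__":
    for rule, pid, detail in detect(SAMPLE_LOG):
        print(f"{rule:28} pid={pid} {detail}")
```

The value of the stateful rules is in what they do not flag: the system DLL load from System32 produces nothing because it was never written by the sample, and a SetThreadContext on a thread the process did not create suspended would be reported without the hollowing qualifier, which is the difference between a debugger-like API use and an injection chain.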

MITRE ATT&CK Enterprise v15
