General
- Target: 3d4375cde08e03e77fe51fbca04d0cc4ce29fd7d0a71174473fb2225ba204d43
- Size: 396KB
- Sample: 240425-ys5e5sea7t
- MD5: bf4f63cbcc06bf2ae575ea3778e023c1
- SHA1: ba9a6a28bfa25886b389afb4dc0e57a1d48eeeb8
- SHA256: 3d4375cde08e03e77fe51fbca04d0cc4ce29fd7d0a71174473fb2225ba204d43
- SHA512: 992e3a0680da57fb60060628d56ca974a552a6e266864fad690108c38bbcdf94a6611b008fa2f0568cc0aa7f7a780ab57fb47288209206ecd8ac3158dca2f3b7
- SSDEEP: 6144:4bUya3+rSZfUNPi77LXMIoTKsmQ3ol2nb14ov0d:sUyaySdnLXvoTmWol4b1j4

Static task: static1
Behavioral task: behavioral1
Sample: 3d4375cde08e03e77fe51fbca04d0cc4ce29fd7d0a71174473fb2225ba204d43.exe
Resource: win10v2004-20240412-en

Malware Config
Extracted: stealc
http://185.172.128.111
- url_path: /f993692117a3fda2.php
Targets
- Target: 3d4375cde08e03e77fe51fbca04d0cc4ce29fd7d0a71174473fb2225ba204d43
- SectopRAT payload
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext