General
-
Target
e00f4b2363b55221308cfc92b561a7680cf38cb3aed2ab0cb3251c1c1082b245
-
Size
395KB
-
Sample
240426-am3scsgd5x
-
MD5
0d012ca8feba5cb6676318dad8b8c00b
-
SHA1
c40a23f6de4fa9828004ac5283ce0591e8a9cba1
-
SHA256
e00f4b2363b55221308cfc92b561a7680cf38cb3aed2ab0cb3251c1c1082b245
-
SHA512
9e2a2e7f839dd13cce154fa9273c47111f15affa067b5c9efdac9ccedbbba53cd652c7025aad6cde80d23b58a1bba23a32a2ac127c43a889be490dc84a00435e
-
SSDEEP
6144:P29OmUzW8qsGKCjyUeQ3KSJJHr1kWhr12uKej6RCM+8RP:P2R67JCeU13K8JH1ZFKej/81
Static task
static1
Behavioral task
behavioral1
Sample
e00f4b2363b55221308cfc92b561a7680cf38cb3aed2ab0cb3251c1c1082b245.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
stealc
http://185.172.128.111
-
url_path
/f993692117a3fda2.php
Targets
-
-
Target
e00f4b2363b55221308cfc92b561a7680cf38cb3aed2ab0cb3251c1c1082b245
-
SectopRAT payload
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-