General

  • Target

    8bb9506aabcde8389c773f69e9f957d7f196e8113ccc0e81e57446deeeeaf70e

  • Size

    406KB

  • Sample

    240426-fpxl1sac24

  • MD5

    dca119f48ae676c59f60208073db7b1f

  • SHA1

    825169d4209f8d71f2e19f246a80682709650227

  • SHA256

    8bb9506aabcde8389c773f69e9f957d7f196e8113ccc0e81e57446deeeeaf70e

  • SHA512

    298275ce8a901359000bf82223564232e88f87824cd3e815c37419b470fa3734b77228a16efe73ab1b45d5065ef5c124a654045e03c9e907906ba22d536aab8b

  • SSDEEP

    12288:vnCNuxzdlcGaoloHcJu4ysZCRzh8nkIr:vCGdleCCgCRCnkIr

Malware Config

Targets

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks