General

  • Target

    04bf38fcee8a6fbf7e7d99d45028f9b31b20b1a69ba1f2ec32572969312e0e45

  • Size

    405KB

  • Sample

    240426-jvy9kscc52

  • MD5

    d82caa9c7e47ea53cd4cd3e7b2bf1523

  • SHA1

    3a19506a124082ef602285ed6c33e38ead32dfe2

  • SHA256

    04bf38fcee8a6fbf7e7d99d45028f9b31b20b1a69ba1f2ec32572969312e0e45

  • SHA512

    e13d2a797e2662168df9d6a85168f537f1f3b138ab7dd8f39476013266c11b7a6300c124502de723f0219cd05ea39cc7b22f67743d5243f011ac487b0767a21f

  • SSDEEP

    12288:hOatvTLg/5HI+WnM93ss5WAlYjGJqMh8nbwr:hjM5HsnMNmtSchnbwr
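The hash block above is what an analyst copies into a case file, so it is worth parsing and checking mechanically rather than by eye. The following is an added example, not part of the sandbox report: it parses the "• Field / value" layout used on this page, checks that every digest has the right length and character set and that Target is the SHA256, and compares a file's digests against the report. The report text is embedded as constructed input; the sample itself is not included, so the comparison function is shown rejecting unrelated bytes.

```python
"""Parse the hash block of a tria.ge-style report and check it against a file."""
import hashlib
import re

# Constructed input: the "General" block from the report above, as plain text.
REPORT_TEXT = """General

  • Target

    04bf38fcee8a6fbf7e7d99d45028f9b31b20b1a69ba1f2ec32572969312e0e45

  • Size

    405KB

  • MD5

    d82caa9c7e47ea53cd4cd3e7b2bf1523

  • SHA1

    3a19506a124082ef602285ed6c33e38ead32dfe2

  • SHA256

    04bf38fcee8a6fbf7e7d99d45028f9b31b20b1a69ba1f2ec32572969312e0e45

  • SHA512

    e13d2a797e2662168df9d6a85168f537f1f3b138ab7dd8f39476013266c11b7a6300c124502de723f0219cd05ea39cc7b22f67743d5243f011ac487b0767a21f

  • SSDEEP

    12288:hOatvTLg/5HI+WnM93ss5WAlYjGJqMh8nbwr:hjM5HsnMNmtSchnbwr
"""

# Expected hex length of each digest the report carries.
HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def parse_report(text):
    """Return {field_name_lowercase: value} from '• Field' lines followed by a value line."""
    fields = {}
    key = None
    for line in text.splitlines():
        s = line.strip()
        if not s:
            continue
        if s.startswith("•"):
            key = s.lstrip("•").strip().lower()
        elif key is not None:
            fields[key] = s
            key = None
    return fields


def validate_hashes(fields):
    """Return a list of problems: malformed digests, or Target not equal to SHA256."""
    problems = []
    for name, n in HEX_LEN.items():
        value = fields.get(name, "")
        if not re.fullmatch(r"[0-9a-f]{%d}" % n, value):
            problems.append(f"{name}: missing or not {n} lowercase hex chars")
    if fields.get("target") != fields.get("sha256"):
        problems.append("target is not the sha256 of the sample")
    return problems


def hash_bytes(data):
    """Compute every digest the report lists for the given bytes."""
    return {name: hashlib.new(name, data).hexdigest() for name in HEX_LEN}


def matches_report(data, fields):
    """True only if all four digests of `data` agree with the parsed report."""
    got = hash_bytes(data)
    return all(got[name] == fields.get(name) for name in HEX_LEN)


if __name__ == "__main__":
    parsed = parse_report(REPORT_TEXT)
    print("problems:", validate_hashes(parsed) or "none")
    # Replace the bytes below with open(path, "rb").read() of a downloaded sample.
    print("matches report:", matches_report(b"not the sample", parsed))
```

Comparing all four digests (rather than MD5 alone) matters when a hash is pasted from a vendor report: MD5 and SHA1 collisions are practical, SHA256 and SHA512 are not, so a mismatch on the longer digests is the one to trust.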

Malware Config

Targets

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check: the sample can then bail out or change behaviour depending on the country the host is configured for.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

      Changing another process's thread context is the step that redirects execution into injected code (process hollowing), normally after the target was created suspended and the payload written into it; SetThreadContext alone is also used by debuggers, so the surrounding call sequence is what makes it suspicious.
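The last three signatures (executes dropped EXE, loads dropped DLL, suspicious use of SetThreadContext) describe the injection chain a sandbox trace would show. As an added example, not from the report or the sandbox vendor, the following flags the classic hollowing sequence, CreateProcess with CREATE_SUSPENDED followed by WriteProcessMemory, SetThreadContext and ResumeThread from the same parent against the same child, over a constructed API trace whose record layout (pid, api, args) is an assumption of this example, not a real sandbox format.

```python
"""Detect the suspended-create -> write -> SetThreadContext -> resume chain in an API trace."""

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit for CreateProcess*

# Constructed trace records: (caller_pid, api_name, args). Not a real sandbox log format.
TRACE = [
    (1001, "CreateProcessW", {"app": "C:\\Windows\\System32\\svchost.exe",
                              "flags": CREATE_SUSPENDED, "child_pid": 1002}),
    (1001, "VirtualAllocEx", {"target_pid": 1002, "protect": 0x40}),
    (1001, "WriteProcessMemory", {"target_pid": 1002, "size": 0x62000}),
    (1001, "SetThreadContext", {"target_pid": 1002}),
    (1001, "ResumeThread", {"target_pid": 1002}),
    # A second parent that calls SetThreadContext without a suspended create or a
    # memory write: a debugger-like pattern that must not be flagged.
    (1003, "CreateProcessW", {"app": "C:\\Windows\\System32\\notepad.exe",
                              "flags": 0, "child_pid": 1004}),
    (1003, "SetThreadContext", {"target_pid": 1004}),
]

# Stages that must follow the suspended create, in this order, for a hit.
STAGES = ["WriteProcessMemory", "SetThreadContext", "ResumeThread"]


def find_hollowing(trace):
    """Return [(parent_pid, child_pid), ...] for every fully observed chain."""
    progress = {}  # (parent, child) -> index of the next expected stage
    hits = []
    for pid, api, args in trace:
        if api.startswith("CreateProcess") and args.get("flags", 0) & CREATE_SUSPENDED:
            progress[(pid, args["child_pid"])] = 0
            continue
        key = (pid, args.get("target_pid"))
        if key not in progress:
            continue  # cross-process call against a child we never saw created suspended
        want = progress[key]
        if want < len(STAGES) and api == STAGES[want]:
            progress[key] = want + 1
            if progress[key] == len(STAGES):
                hits.append(key)
    return hits


if __name__ == "__main__":
    for parent, child in find_hollowing(TRACE):
        print(f"possible process hollowing: pid {parent} -> child pid {child}")
```

Requiring the whole ordered chain, keyed on the parent and the specific child, is what keeps the rule from firing on debuggers or on legitimate suspended creates that are resumed without a memory write; the VirtualAllocEx call is deliberately not required, since some loaders reuse the image's own sections.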

MITRE ATT&CK Enterprise v15

Tasks