General
Target: 6c7cd54af0c18dbfec568bf5622658386fd9244426712bcbb2a6d72dda023180
Size: 394KB
Sample: 240427-kfas4sfd9z
MD5: a84998364e4dc723cede32e644f0e82c
SHA1: b009c49a5467c75f833146ceb5ee41a891c7c637
SHA256: 6c7cd54af0c18dbfec568bf5622658386fd9244426712bcbb2a6d72dda023180
SHA512: 2ac396fffa165a8155e6e615017082a428d02aaa2e5d62d28b4a59847d76d45e06545657b3a97338bec9d29edf093597a2128a1b599446d02b871b086b12d812
SSDEEP: 6144:sCkJFI6R8nSacs8foP5sn/3UufI5MhBECEwXG6L9FHUGEM62:sCeLR/acs4oY+5MhfhV9FL
Static task: static1
Behavioral task: behavioral1
  Sample: 6c7cd54af0c18dbfec568bf5622658386fd9244426712bcbb2a6d72dda023180.exe
  Resource: win10v2004-20240426-en
Behavioral task: behavioral2
  Sample: 6c7cd54af0c18dbfec568bf5622658386fd9244426712bcbb2a6d72dda023180.exe
  Resource: win11-20240419-en
Malware Config
Extracted: stealc
  http://185.172.128.111
  url_path: /f993692117a3fda2.php
Targets
Target: 6c7cd54af0c18dbfec568bf5622658386fd9244426712bcbb2a6d72dda023180
Size: 394KB
- SectopRAT payload
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext