General
-
Target
eaa24d3c5e8f355e2f10b3a0e5ddcfc6bca1e9206be32312331826171a6bf4fb
-
Size
451KB
-
Sample
240428-nefjraee24
-
MD5
4daaf27c885259356f17e0e099c80647
-
SHA1
7f6eb901ef8e9ca5f17dfea937ee1e9f070331da
-
SHA256
eaa24d3c5e8f355e2f10b3a0e5ddcfc6bca1e9206be32312331826171a6bf4fb
-
SHA512
b6e987ede7259bf01f69d4f4c5d3be65bda30cdc5ac6720b3e18bfcd0ef7dfcc09681204cbdbd62e254b9a3048270ed57a4b694ccd9f581d430740245ac42d6f
-
SSDEEP
12288:rBwwS3fz8A9Hmzef9HrPQyczMNoFnc1N:rKHmzM9HroEoFnc1N
Malware Config
Extracted
stealc
http://185.172.128.76
-
url_path
/8681490a59ad0e34.php
Targets
-
-
Target
eaa24d3c5e8f355e2f10b3a0e5ddcfc6bca1e9206be32312331826171a6bf4fb
-
Size
451KB
-
MD5
4daaf27c885259356f17e0e099c80647
-
SHA1
7f6eb901ef8e9ca5f17dfea937ee1e9f070331da
-
SHA256
eaa24d3c5e8f355e2f10b3a0e5ddcfc6bca1e9206be32312331826171a6bf4fb
-
SHA512
b6e987ede7259bf01f69d4f4c5d3be65bda30cdc5ac6720b3e18bfcd0ef7dfcc09681204cbdbd62e254b9a3048270ed57a4b694ccd9f581d430740245ac42d6f
-
SSDEEP
12288:rBwwS3fz8A9Hmzef9HrPQyczMNoFnc1N:rKHmzM9HroEoFnc1N
Score10/10-
SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
-
SectopRAT payload
-
Stealc
Stealc is an infostealer written in C++.
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-