General

  • Target

    05bbba512adcaff8770b3b56762ef136.bin

  • Size

    332KB

  • Sample

    240430-bcwfzafe63

  • MD5

    a44ae91340d8f8d9a6d827ca30324588

  • SHA1

    99831c184946d9cfaa7c710d0acb159db19b035a

  • SHA256

    a671e5b370126b9b1bf55997df8b14bc575e950b72ea4d4aaa7349d244ff7b8d

  • SHA512

    eba706e159eee251ebc0692c570032e029795f77dba318745143903f530bf25f7192631186c00af319322aaca5a40fb7446de8bdd82581694fafa448ad2ad0c4

  • SSDEEP

    6144:vXrQwntJlkHxjKqQN51/AukPoSSjBJA0P6oYOTFlSc92K9ZeFteWvC7HJlGuNs7D:z7tJGHhKl5aukPjySvOTSo1Z8teWvNzD

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.151

Attributes

  • url_path

    /7043a0c6a68d9c65.php

Targets

    • Target

      95355a55723c0866afed1253a8f0a17c8b6554d6452d4dfa80f4c9b382fd3596.exe

    • Size

      451KB

    • MD5

      05bbba512adcaff8770b3b56762ef136

    • SHA1

      bc608e868981f5aa3f5da959bf8c0786e72ca36c

    • SHA256

      95355a55723c0866afed1253a8f0a17c8b6554d6452d4dfa80f4c9b382fd3596

    • SHA512

      d522a6fa30adacb07fa67441a55a4e6d55ea895ac48d53ac5909c846ab44acae9e25369c8c3ca093b6e1ee92ac1e5901aca46af928c74e68ede0def16cc23d2c

    • SSDEEP

      6144:+0HYlMeYOX8mE94DowCxV0jZVqmnvi1UVX1Zbt2S0gjaU:+04lMXmQ4LCxWjZji1U/rhaU

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks