General

  • Target

    4ff41d9b16384fb388eaf0d8dc5142dc65f209fd779f407fd0dfe0df286812d2.exe

  • Size

    767KB

  • Sample

    240430-bqbnqage8x

  • MD5

    2d8c1cae9f4d8aeb07e4780ab7c21297

  • SHA1

    711521bd838deb1aac2d2abd72f8ed899fc0cca3

  • SHA256

    4ff41d9b16384fb388eaf0d8dc5142dc65f209fd779f407fd0dfe0df286812d2

  • SHA512

    f533b2ef4c5b61c8b30b3bf1b69bdca01b122ad26461b8e1aa5f78a03faea89c883c23a7779e25d6d6b4f01ea4141838724a24e715d41e5b5323902cb02a2e56

  • SSDEEP

    12288:aiMA0ejRLfxLY8flLb1MgX6WbkAsFWylkkoAbtESP4srX:qeDxttL66kAsFlSj4
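
Added check, not part of the report: a Python script that confirms a file in hand is the sample described above by recomputing the listed digests, and that sanity-checks the ssdeep signature against the reported size. The hash values are transcribed from this General section; the page only gives the size as 767KB, so the byte count used below is an approximation, and the `verify_file` path argument is whatever local copy you have.

```python
import hashlib
import re

# Values transcribed from the report above. The size is rounded on the page,
# so treat it as approximate when reasoning about ssdeep block sizes.
REPORT = {
    "size_bytes": 767 * 1024,
    "md5": "2d8c1cae9f4d8aeb07e4780ab7c21297",
    "sha1": "711521bd838deb1aac2d2abd72f8ed899fc0cca3",
    "sha256": "4ff41d9b16384fb388eaf0d8dc5142dc65f209fd779f407fd0dfe0df286812d2",
    "sha512": "f533b2ef4c5b61c8b30b3bf1b69bdca01b122ad26461b8e1aa5f78a03faea89c"
              "883c23a7779e25d6d6b4f01ea4141838724a24e715d41e5b5323902cb02a2e56",
    "ssdeep": "12288:aiMA0ejRLfxLY8flLb1MgX6WbkAsFWylkkoAbtESP4srX:qeDxttL66kAsFlSj4",
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def compute_digests(data: bytes) -> dict:
    """Hex digests of data for every cryptographic hash listed in the report."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGORITHMS}


def compare_digests(data: bytes, report: dict) -> dict:
    """Per-algorithm True/False: does data match the digest in the report?"""
    actual = compute_digests(data)
    return {alg: actual[alg] == report[alg].lower() for alg in ALGORITHMS}


# ssdeep signatures are 'blocksize:chunk1:chunk2' with base64 chunks.
SSDEEP_RE = re.compile(r"^(\d+):([0-9A-Za-z+/]*):([0-9A-Za-z+/]*)$")


def parse_ssdeep(signature: str) -> tuple:
    """Split an ssdeep signature into (blocksize, chunk1, chunk2); reject malformed input."""
    m = SSDEEP_RE.match(signature)
    if not m:
        raise ValueError(f"not a valid ssdeep signature: {signature!r}")
    blocksize = int(m.group(1))
    # ssdeep block sizes are always 3 * 2^n.
    if blocksize < 3 or blocksize % 3 or (blocksize // 3) & (blocksize // 3 - 1):
        raise ValueError(f"blocksize {blocksize} is not of the form 3*2^n")
    return blocksize, m.group(2), m.group(3)


def ssdeep_initial_blocksize(size: int) -> int:
    """Block size ssdeep starts from for `size` bytes: smallest 3*2^n with bs*64 >= size."""
    bs = 3
    while bs * 64 < size:
        bs *= 2
    return bs


def ssdeep_consistent_with_size(signature: str, size: int) -> bool:
    """A reported block size equals the initial one, or is smaller if ssdeep halved it
    because the first chunk came out too short; it can never be larger than the
    initial value, so a larger block size means the signature and size disagree."""
    blocksize, _, _ = parse_ssdeep(signature)
    return blocksize <= ssdeep_initial_blocksize(size)


def verify_file(path: str, report: dict = REPORT) -> dict:
    """Read a local file and report which of the listed digests it matches."""
    with open(path, "rb") as fh:
        data = fh.read()
    result = compare_digests(data, report)
    result["ssdeep_blocksize_ok"] = ssdeep_consistent_with_size(report["ssdeep"], len(data))
    return result


if __name__ == "__main__":
    import sys
    for alg, ok in verify_file(sys.argv[1]).items():
        print(f"{alg:20s} {'match' if ok else 'MISMATCH'}")
```

A mismatch on every digest means you have a different file; a mismatch on one digest but not the others means the report (or your transcription) is wrong, since four independent hashes cannot disagree about the same bytes.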

Targets

    • SectopRAT

      SectopRAT (also tracked as ArechClient2) is a .NET remote access trojan first seen in November 2019. It combines remote control of the host with infostealer functionality, which is why the browser and wallet signatures below fire alongside it.

    • SectopRAT payload

    • Reads user/profile data of web browsers

      Infostealers target the browser profile directories, which hold saved credentials, cookies, session tokens and autofill data; stolen cookies and tokens let an attacker reuse logged-in sessions without needing the password.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Enumerates the per-product subkeys under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall (and the WOW6432Node and HKCU equivalents) to build an inventory of installed software, typically to detect security products and analysis tools and to profile the host.

    • Legitimate hosting services abused for malware hosting/C2
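
Added detection example, not part of the report: the "checks installed software" behaviour above is visible as a process walking the Uninstall registry keys. The Python below runs that logic over a constructed list of registry-access events (process, pid, operation, key); the event format, the process names, the product names and the threshold of three distinct product subkeys are all assumptions standing in for whatever your Sysmon or sandbox telemetry actually emits. It flags a process that either enumerates the Uninstall key itself or reads several different products' entries, which separates an inventory sweep from an installer touching its own single key.

```python
import re

# The Uninstall key in its 64-bit, 32-bit (WOW6432Node) and per-user locations.
UNINSTALL_KEY_RE = re.compile(
    r"^(HKLM|HKEY_LOCAL_MACHINE|HKCU|HKEY_CURRENT_USER)\\SOFTWARE\\(WOW6432Node\\)?"
    r"Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)",
    re.IGNORECASE,
)

# Registry operations that read rather than write.
READ_OPS = {"RegOpenKey", "RegEnumKey", "RegQueryValue", "RegEnumValue"}

# Constructed events (assumed format: process, pid, operation, key), not report data.
# "sample.exe", "Product-A/B/C" and the pids are placeholders.
SAMPLE_EVENTS = [
    ("sample.exe", 4120, "RegOpenKey", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
    ("sample.exe", 4120, "RegEnumKey", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
    ("sample.exe", 4120, "RegQueryValue", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Product-A\DisplayName"),
    ("sample.exe", 4120, "RegQueryValue", r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Product-B\DisplayName"),
    ("sample.exe", 4120, "RegQueryValue", r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Product-C\DisplayName"),
    # An installer writing and reading only its own entry: not an inventory sweep.
    ("msiexec.exe", 2200, "RegSetValue", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Product-A\DisplayVersion"),
    ("msiexec.exe", 2200, "RegQueryValue", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Product-A\DisplayName"),
    # Unrelated key: ignored.
    ("explorer.exe", 1000, "RegOpenKey", r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"),
]


def uninstall_subkey(key: str):
    """Product subkey name under an Uninstall key, '' for the Uninstall key itself,
    or None when the key is unrelated."""
    m = UNINSTALL_KEY_RE.match(key)
    if not m:
        return None
    rest = key[m.end():]
    return rest.split("\\", 1)[0]


def find_software_enumerators(events, min_subkeys: int = 3) -> dict:
    """Map (process, pid) to what it did under the Uninstall key, keeping only processes
    that enumerated the key itself or read at least min_subkeys distinct product entries."""
    activity = {}
    for proc, pid, op, key in events:
        if op not in READ_OPS:
            continue
        sub = uninstall_subkey(key)
        if sub is None:
            continue
        entry = activity.setdefault((proc, pid), {"enumerated_parent": False, "subkeys": set()})
        if sub == "":
            # RegEnumKey on the parent is the enumeration primitive itself.
            entry["enumerated_parent"] |= op == "RegEnumKey"
        else:
            entry["subkeys"].add(sub)
    flagged = {}
    for who, entry in activity.items():
        if entry["enumerated_parent"] or len(entry["subkeys"]) >= min_subkeys:
            flagged[who] = {"enumerated_parent": entry["enumerated_parent"],
                            "subkeys": sorted(entry["subkeys"])}
    return flagged


if __name__ == "__main__":
    for (proc, pid), what in find_software_enumerators(SAMPLE_EVENTS).items():
        print(f"{proc} (pid {pid}) enumerated installed software: {what}")
```

The threshold matters on real hosts: update agents and inventory tools also walk this key, so in production the output is an enrichment for a process that is already suspicious (unsigned, dropped into a user-writable path, spawned from a document) rather than an alert on its own.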

MITRE ATT&CK Enterprise v15
