Overview

Score  Sample                 Platform
10     Static                 static
3      372d4853ed...27.exe    windows7-x64
1      372d4853ed...27.exe    windows10-2004-x64
1      89a7d75e00...67.exe    windows7-x64
1      89a7d75e00...67.exe    windows10-2004-x64
1      da5226b7d4...ef.exe    windows7-x64
8      da5226b7d4...ef.exe    windows10-2004-x64
8      fdb5b2a004...e9.exe    windows7-x64
10     fdb5b2a004...e9.exe    windows10-2004-x64
General
Score 10
Target: 17460070396 (2).zip
Size: 42.0MB
Sample: 240528-b9tzeabe99
MD5: 08ea1fe8b7f28b93740c86d9dbf65452
SHA1: d780753f68aef95319e1c860a752de3c0656b581
SHA256: fe92a0c3ac848d23c2dc607b571e1ea804ef9e5a4fbd81412509929afe94e59c
SHA512: c1577f7d11bbd3c82e4a69fa0ebb5b4c3762e916dc0751d9e5eabf7ed0fdb9f6bf3cf9497d95edfbb8beb608b80bc3433e37ba08403b8721d97e2901d0069bed
SSDEEP: 786432:d1Oog7aqVnsR4Z9/ApoIcOGX55QkNcZ/I1/IO8XnlD11Qdl/V/v93Dv:d45BBtBAZcRX55Fx1/YXp69vR7
Static task: static1

Behavioral task: behavioral1
Sample: 372d4853eda962e2d8f6ab3f7c444f7d6c9c1f0285d60fc55a9204ae3c2a1227.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 372d4853eda962e2d8f6ab3f7c444f7d6c9c1f0285d60fc55a9204ae3c2a1227.exe
Resource: win10v2004-20240226-en

Behavioral task: behavioral3
Sample: 89a7d75e00d0ad1cc305d8e91214d8a44374bec4b99f7f19042703fa4ca74867.exe
Resource: win7-20240221-en

Behavioral task: behavioral4
Sample: 89a7d75e00d0ad1cc305d8e91214d8a44374bec4b99f7f19042703fa4ca74867.exe
Resource: win10v2004-20240226-en

Behavioral task: behavioral5
Sample: da5226b7d4fb1a02e9f30a6b226fb8b0d5a08b28f8d1a95bb029d42bd093fbef.exe
Resource: win7-20240221-en

Behavioral task: behavioral6
Sample: da5226b7d4fb1a02e9f30a6b226fb8b0d5a08b28f8d1a95bb029d42bd093fbef.exe
Resource: win10v2004-20240226-en

Behavioral task: behavioral7
Sample: fdb5b2a0041b0939552ecd31e382e28529313c8bc8a656eb7de1cef9fbd6eee9.exe
Resource: win7-20240221-en
Malware Config

Targets

Target: 372d4853eda962e2d8f6ab3f7c444f7d6c9c1f0285d60fc55a9204ae3c2a1227
Size: 13.0MB
MD5: 991785096676a137f176e40f8f050844
SHA1: ba1c22cfd49706b5e352a8f63af8aa609f5aef7a
SHA256: 372d4853eda962e2d8f6ab3f7c444f7d6c9c1f0285d60fc55a9204ae3c2a1227
SHA512: 16dfbe53f35fae07cf7f9887b8c3dc6b93c912eb9f37afb7ef490639a6e4c01bd8a3c8868d5bd3ea2ea1e3e51c04b69551bdbbc1f2688c3a3e65507da5cf7f64
SSDEEP: 393216:YY962Lr5+qnM52FCdVh4bodV6B/KTkVCJqV9r+/e:3962Q7ACd3qTSTJJ0r+G
Score 1/10

Target: 89a7d75e00d0ad1cc305d8e91214d8a44374bec4b99f7f19042703fa4ca74867
Size: 3.0MB
MD5: a50b48c85f4d26cf6324834a0f606fa2
SHA1: c2e0b57fc1e6477fa8312ebeed4855239ac04ef2
SHA256: 89a7d75e00d0ad1cc305d8e91214d8a44374bec4b99f7f19042703fa4ca74867
SHA512: 1f3c45e2628040f9d528cac32b7e8dd3eb8c8f0003a9f283d2e4df1c97979d6d6a9f6906f3ff871f03e68236c4d210d95f4cedaa8a826d9ab98d65a916bad8b1
SSDEEP: 49152:0uW6krivgOWOLKeGoeJ1RMrntlcpr7S0t5xNe1YI5ZnKWPPhc+yAjwfOsQqShibT:0uWRHOW+ym4pr7S0XC1YOPPhcEsfOsQU
Score 1/10

Target: da5226b7d4fb1a02e9f30a6b226fb8b0d5a08b28f8d1a95bb029d42bd093fbef
Size: 19.5MB
MD5: 382b9f7b3540d5bb539ec70522e6301c
SHA1: bc3dfd8c421abc071a8bb2fd56012250b7f077ff
SHA256: da5226b7d4fb1a02e9f30a6b226fb8b0d5a08b28f8d1a95bb029d42bd093fbef
SHA512: d6eeda6845327ea822c92c57f5071640b95b8c3896f6f9227c42f2e6f724f26b37c090e39edc87a3ae9fdcd3cde5bee126e425c1fc8376b17a4c1f82132cdf4e
SSDEEP: 393216:kA2zR/NGca9Kb+6vkH7DejkPPC+s8MOWeEbtoC9Eg+2:LSipKbZkv3S+sjdHJ9p+2
Signatures:
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
- Registers COM server for autorun
- Adds Run key to start application
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
- Drops file in System32 directory

Target: fdb5b2a0041b0939552ecd31e382e28529313c8bc8a656eb7de1cef9fbd6eee9
Size: 7.3MB
MD5: 5c95d5493dda877b228a6485a6d40d9c
SHA1: 185482dabc06787f6ce14c6cd46c17372a1b77ae
SHA256: fdb5b2a0041b0939552ecd31e382e28529313c8bc8a656eb7de1cef9fbd6eee9
SHA512: 05334c39be051eb33c0ad4787cd8d56a1386115bf809f2ec44088f719ab5bf3caf8e7a4539cb5d10b60bc5452b98d01656332b7e5c608038aeae73bd88b16e24
SSDEEP: 196608:0qw9h20Qu0lFIutULgNr8cQ6P/qrFfDG2HD14LDsYu67ReBR:w2FIutULgS7rlDvDSI6cz
Signatures:
- SectopRAT payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15

Persistence
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (2)
  Pre-OS Boot (1)
    Bootkit (1)

Privilege Escalation
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (2)

Defense Evasion
  File and Directory Permissions Modification (1)
  Modify Registry (3)
  Pre-OS Boot (1)
    Bootkit (1)
  Subvert Trust Controls (1)
    Install Root Certificate (1)
  Virtualization/Sandbox Evasion (1)