Analysis
-
max time kernel
110s -
max time network
112s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system -
submitted
31-05-2024 18:21
Behavioral task
behavioral1
Sample
7f386e57807f0c2d48b0b33f35e6baf50ba5ee8b000bbd7b4bdd454cedc9ae81.exe
Resource
win7-20240508-en
General
-
Target
7f386e57807f0c2d48b0b33f35e6baf50ba5ee8b000bbd7b4bdd454cedc9ae81.exe
-
Size
768KB
-
MD5
ad3d3124026a6a9c8017b57bc71ba72c
-
SHA1
387657e93af3c08e74fe35a2e7c9fc34c8c5b734
-
SHA256
7f386e57807f0c2d48b0b33f35e6baf50ba5ee8b000bbd7b4bdd454cedc9ae81
-
SHA512
7d5e1ace6fc184df2ad96dfaddf270f9191b80d67da60296fba17d49d9b2fb3f48a608cc919a43d53c512978722460adcfa7fee2669a6083cefc5888b46f1e6e
-
SSDEEP
12288:bvsXZv8km0OHcbGbvzWHz0HnquwTy+g0ssFWylkkoAbtEjQwfNqbYS2VbICKMIUb:EfPz0HILg0ssFlSj4nm
Malware Config
Signatures
-
SectopRAT payload 1 IoCs
Processes:
resource yara_rule behavioral2/memory/4592-1-0x0000000000B70000-0x0000000000C36000-memory.dmp family_sectoprat -
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious behavior: EnumeratesProcesses 3 IoCs
Processes:
7f386e57807f0c2d48b0b33f35e6baf50ba5ee8b000bbd7b4bdd454cedc9ae81.exepid process 4592 7f386e57807f0c2d48b0b33f35e6baf50ba5ee8b000bbd7b4bdd454cedc9ae81.exe 4592 7f386e57807f0c2d48b0b33f35e6baf50ba5ee8b000bbd7b4bdd454cedc9ae81.exe 4592 7f386e57807f0c2d48b0b33f35e6baf50ba5ee8b000bbd7b4bdd454cedc9ae81.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
7f386e57807f0c2d48b0b33f35e6baf50ba5ee8b000bbd7b4bdd454cedc9ae81.exedescription pid process Token: SeDebugPrivilege 4592 7f386e57807f0c2d48b0b33f35e6baf50ba5ee8b000bbd7b4bdd454cedc9ae81.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
Processes:
7f386e57807f0c2d48b0b33f35e6baf50ba5ee8b000bbd7b4bdd454cedc9ae81.exepid process 4592 7f386e57807f0c2d48b0b33f35e6baf50ba5ee8b000bbd7b4bdd454cedc9ae81.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\7f386e57807f0c2d48b0b33f35e6baf50ba5ee8b000bbd7b4bdd454cedc9ae81.exe"C:\Users\Admin\AppData\Local\Temp\7f386e57807f0c2d48b0b33f35e6baf50ba5ee8b000bbd7b4bdd454cedc9ae81.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4592
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
20KB
MD542c395b8db48b6ce3d34c301d1eba9d5
SHA1b7cfa3de344814bec105391663c0df4a74310996
SHA2565644546ecefc6786c7be5b1a89e935e640963ccd34b130f21baab9370cb9055d
SHA5127b9214db96e9bec8745b4161a41c4c0520cdda9950f0cd3f12c7744227a25d639d07c0dd68b552cf1e032181c2e4f8297747f27bad6c7447b0f415a86bd82845
-
Filesize
20KB
MD549693267e0adbcd119f9f5e02adf3a80
SHA13ba3d7f89b8ad195ca82c92737e960e1f2b349df
SHA256d76e7512e496b7c8d9fcd3010a55e2e566881dc6dacaf0343652a4915d47829f
SHA512b4b9fcecf8d277bb0ccbb25e08f3559e3fc519d85d8761d8ad5bca983d04eb55a20d3b742b15b9b31a7c9187da40ad5c48baa7a54664cae4c40aa253165cbaa2