Overview

overview

10

Static

static

7

24d512fa05...dc.exe

windows7-x64

10

24d512fa05...dc.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1cecb25d5fe1f38d7b14353a2a14bf79.bin

  • Size

    3.0MB

  • Sample

    240614-bg1aqasfql

  • MD5

    96760170b1e1b92dcfcc4bba3ba78ed8

  • SHA1

    e9df8ce20953940e9934ad9d97efe2210635ddbe

  • SHA256

    471addae086ec5bd4c086b4d9ea316a96fc3bb708a3bb0b0a6175458402da304

  • SHA512

    4bd78def81ab9a83b22a62bbb6e4233392716ae98fcec7140fdc8ddda3857afff0d4cfe3e02abfb891897d929aac8a093c8a9a1dc137a10da46f5eb079dc5de3

  • SSDEEP

    49152:Uf/eeCk8k/nNPT4mb59bZ5E448+E7LxmT6DJ4k+vzYJAQMdmP4V7VPzAVbo3qozX:UfRbcmRSX8z5me6kQzYZMtxCbo6ocNyh

Score
10/10
sectopratevasionratthemidatrojan

Malware Config

Targets

    • Target

      24d512fa05d2d5c5330be84a58526c74221fba38cc6993cee31acf645dfd50dc.exe

    • Size

      3.0MB

    • MD5

      1cecb25d5fe1f38d7b14353a2a14bf79

    • SHA1

      7c9934b8111267b9e615917cd8fcb73398e98972

    • SHA256

      24d512fa05d2d5c5330be84a58526c74221fba38cc6993cee31acf645dfd50dc

    • SHA512

      82b76bc9b11a3d99b7b2d538ffeeeb0e674fc36d52ce975690c3485a843a687fe6f2a89baf354e8e41b2a076c09dd14b258025359915689f8c3acdfa6abf29b7

    • SSDEEP

      49152:J/FZcUfaYBmWzQvoMxyPvBpWI0y2gA3uJV5C+CM0GNiGUXqC3q81vK1GEtrXbLoK:1IUCYBmoQvbPIy2z5PWGNnqvuG4X/

    Score
    10/10
    sectopratevasionratthemidatrojan

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

      trojanratsectoprat

    • SectopRAT payload

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks