Resubmissions

03-07-2024 17:18

240703-vvk8hazcqq 10

03-07-2024 16:20

240703-ts74tatfpm 8

General

  • Target

    Mia_Khalifia(18+).exe

  • Size

    4.2MB

  • Sample

    240703-vvk8hazcqq

  • MD5

    9c6352ad45c6ce5ab18f75f4fcf3c85d

  • SHA1

    3908a22b5a4dceedc813b0deded861fdbc9ae6fb

  • SHA256

    c00280f16aa9c12f6a8a7f29c493f17c237e570ae1fe481d368ea0ab4eafedf5

  • SHA512

    ba2d87ea0c656b6b3de4075e465b8b5c991c89a32446c460ede9052e7b9ea7b64e52858971a5b620ad78393074b84cc7bcde70cf989e1de76514f3076e07f925

  • SSDEEP

    98304:mnyNQa/26tLM4OXoQCn9+juAoHsvP0mDFn169ryxbTkNW:0yNQa+OLM4eoQIiIsXnu9exHko

Malware Config

Targets

    • Target

      Mia_Khalifia(18+).exe

    • Size

      4.2MB

    • MD5

      9c6352ad45c6ce5ab18f75f4fcf3c85d

    • SHA1

      3908a22b5a4dceedc813b0deded861fdbc9ae6fb

    • SHA256

      c00280f16aa9c12f6a8a7f29c493f17c237e570ae1fe481d368ea0ab4eafedf5

    • SHA512

      ba2d87ea0c656b6b3de4075e465b8b5c991c89a32446c460ede9052e7b9ea7b64e52858971a5b620ad78393074b84cc7bcde70cf989e1de76514f3076e07f925

    • SSDEEP

      98304:mnyNQa/26tLM4OXoQCn9+juAoHsvP0mDFn169ryxbTkNW:0yNQa+OLM4eoQIiIsXnu9exHko

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Downloads MZ/PE file

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks