Overview

overview

10

Static

static

1

Mia_Khalifia(18+).exe

windows11-21h2-x64

10

Resubmissions

03-07-2024 17:18

240703-vvk8hazcqq 10

03-07-2024 16:20

240703-ts74tatfpm 8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Mia_Khalifia(18+).exe

  • Size

    4.2MB

  • Sample

    240703-vvk8hazcqq

  • MD5

    9c6352ad45c6ce5ab18f75f4fcf3c85d

  • SHA1

    3908a22b5a4dceedc813b0deded861fdbc9ae6fb

  • SHA256

    c00280f16aa9c12f6a8a7f29c493f17c237e570ae1fe481d368ea0ab4eafedf5

  • SHA512

    ba2d87ea0c656b6b3de4075e465b8b5c991c89a32446c460ede9052e7b9ea7b64e52858971a5b620ad78393074b84cc7bcde70cf989e1de76514f3076e07f925

  • SSDEEP

    98304:mnyNQa/26tLM4OXoQCn9+juAoHsvP0mDFn169ryxbTkNW:0yNQa+OLM4eoQIiIsXnu9exHko

Score
10/10
sectopratevasionexecutionratspywaretrojan

Malware Config

Targets

    • Target

      Mia_Khalifia(18+).exe

    • Size

      4.2MB

    • MD5

      9c6352ad45c6ce5ab18f75f4fcf3c85d

    • SHA1

      3908a22b5a4dceedc813b0deded861fdbc9ae6fb

    • SHA256

      c00280f16aa9c12f6a8a7f29c493f17c237e570ae1fe481d368ea0ab4eafedf5

    • SHA512

      ba2d87ea0c656b6b3de4075e465b8b5c991c89a32446c460ede9052e7b9ea7b64e52858971a5b620ad78393074b84cc7bcde70cf989e1de76514f3076e07f925

    • SSDEEP

      98304:mnyNQa/26tLM4OXoQCn9+juAoHsvP0mDFn169ryxbTkNW:0yNQa+OLM4eoQIiIsXnu9exHko

    Score
    10/10
    sectopratevasionexecutionratspywaretrojan

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

      trojanratsectoprat

    • SectopRAT payload

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      evasion

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Downloads MZ/PE file

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks