General
-
Target
InstallKit_24313_win64.exe
-
Size
21.4MB
-
Sample
240713-se64xsxfkg
-
MD5
65a1f593552de7934b0bcb782abc43c4
-
SHA1
b379c45dcfd03680bb1d97e34a27d1eec8b398a4
-
SHA256
b0410c03a893377b1726c7d31fed5796ae24c8ba55061aa7a02f04fd96a32af5
-
SHA512
0ebceed4be166581b00d7aa73e439ccee8bd2170d1073fe2b269aa0d1a3c04dd26fb4add4b4aa77a8b69a9adff06365310306172e1003303fbe90b2aad3077bc
-
SSDEEP
196608:6Y/W2TrybPU3ENBlut4E/iUous5kW+bD5Pc90umN40vyv+SQBVluw9a+Y:6aWqrybhNBlu3/i5X5kpD5GmHv1nRY
Static task
static1
Behavioral task
behavioral1
Sample
InstallKit_24313_win64.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
InstallKit_24313_win64.exe
Resource
win10v2004-20240709-en
Malware Config
Targets
-
-
Target
InstallKit_24313_win64.exe
-
SectopRAT payload
-
An obfuscated cmd.exe command-line is typically used to evade detection.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-