General

  • Target

    InstallKit_24313_win64.exe

  • Size

    21.4MB

  • Sample

    240713-se64xsxfkg

  • MD5

    65a1f593552de7934b0bcb782abc43c4

  • SHA1

    b379c45dcfd03680bb1d97e34a27d1eec8b398a4

  • SHA256

    b0410c03a893377b1726c7d31fed5796ae24c8ba55061aa7a02f04fd96a32af5

  • SHA512

    0ebceed4be166581b00d7aa73e439ccee8bd2170d1073fe2b269aa0d1a3c04dd26fb4add4b4aa77a8b69a9adff06365310306172e1003303fbe90b2aad3077bc

  • SSDEEP

    196608:6Y/W2TrybPU3ENBlut4E/iUous5kW+bD5Pc90umN40vyv+SQBVluw9a+Y:6aWqrybhNBlu3/i5X5kpD5GmHv1nRY

Malware Config

Targets

    • Target

      InstallKit_24313_win64.exe

    • Size

      21.4MB

    • MD5

      65a1f593552de7934b0bcb782abc43c4

    • SHA1

      b379c45dcfd03680bb1d97e34a27d1eec8b398a4

    • SHA256

      b0410c03a893377b1726c7d31fed5796ae24c8ba55061aa7a02f04fd96a32af5

    • SHA512

      0ebceed4be166581b00d7aa73e439ccee8bd2170d1073fe2b269aa0d1a3c04dd26fb4add4b4aa77a8b69a9adff06365310306172e1003303fbe90b2aad3077bc

    • SSDEEP

      196608:6Y/W2TrybPU3ENBlut4E/iUous5kW+bD5Pc90umN40vyv+SQBVluw9a+Y:6aWqrybhNBlu3/i5X5kpD5GmHv1nRY

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • An obfuscated cmd.exe command-line is typically used to evade detection.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks