Overview

overview

10

Static

static

3

2E2358523B...B6.exe

windows7-x64

10

2E2358523B...B6.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2E2358523BBE722450A7E49EED0534B6.exe

  • Size

    3.5MB

  • Sample

    240716-r2egraxdnn

  • MD5

    2e2358523bbe722450a7e49eed0534b6

  • SHA1

    10ac0bbf6ab7e2db1d53a93973bf73573160eeab

  • SHA256

    304555a63b7a431a158fd9e527bdfcb7610f6dfa9231f4184f2e80e85a0dc520

  • SHA512

    13fbfe2ee2ca37d9ace32e0a1c84f0aa726d5dd4145ed9a7385317140486ab8688a8defe71fd31dffe70a7fd17c4c1305b7eeaa5b11a32e55b57b05152a26ce5

  • SSDEEP

    49152:xSee3hQidqT4kgJmNqf9YWBTg+E5EiCh8:I3hQidXZQNqiWLgR6

Score
10/10
sectopratdiscoveryratspywarestealertrojan

Malware Config

Targets

    • Target

      2E2358523BBE722450A7E49EED0534B6.exe

    • Size

      3.5MB

    • MD5

      2e2358523bbe722450a7e49eed0534b6

    • SHA1

      10ac0bbf6ab7e2db1d53a93973bf73573160eeab

    • SHA256

      304555a63b7a431a158fd9e527bdfcb7610f6dfa9231f4184f2e80e85a0dc520

    • SHA512

      13fbfe2ee2ca37d9ace32e0a1c84f0aa726d5dd4145ed9a7385317140486ab8688a8defe71fd31dffe70a7fd17c4c1305b7eeaa5b11a32e55b57b05152a26ce5

    • SSDEEP

      49152:xSee3hQidqT4kgJmNqf9YWBTg+E5EiCh8:I3hQidXZQNqiWLgR6

    Score
    10/10
    sectopratdiscoveryratspywarestealertrojan

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

      trojanratsectoprat

    • SectopRAT payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks