General

  • Target

    2e2358523bbe722450a7e49eed0534b6.bin

  • Size

    1.1MB

  • Sample

    240718-b3m8aayhrn

  • MD5

    f6351fbe305e08b9793f975c54e9bffa

  • SHA1

    f413987f307ba65106886e45528d931fbdf64970

  • SHA256

    f9c7585bf95c609e91fb5de1caa48ab57b1afa0eac5bc8066b3d9ab2d1e5dc75

  • SHA512

    7263d79b3fef68c2872df563f13239db51fbf19f73c05f0d5a7942d07f63f858395119a701816ecb4593a656a929310693fab074d8e71d66ffc623761bc49b11

  • SSDEEP

    24576:9HKwpsB7mDQGbPv9/w67lN2NFyKh4duEMXYmIWDRhzB:9HKwpsBsFbPv9/wNFyTg7XHRj

Malware Config

Targets

    • Target

      304555a63b7a431a158fd9e527bdfcb7610f6dfa9231f4184f2e80e85a0dc520.exe

    • Size

      3.5MB

    • MD5

      2e2358523bbe722450a7e49eed0534b6

    • SHA1

      10ac0bbf6ab7e2db1d53a93973bf73573160eeab

    • SHA256

      304555a63b7a431a158fd9e527bdfcb7610f6dfa9231f4184f2e80e85a0dc520

    • SHA512

      13fbfe2ee2ca37d9ace32e0a1c84f0aa726d5dd4145ed9a7385317140486ab8688a8defe71fd31dffe70a7fd17c4c1305b7eeaa5b11a32e55b57b05152a26ce5

    • SSDEEP

      49152:xSee3hQidqT4kgJmNqf9YWBTg+E5EiCh8:I3hQidXZQNqiWLgR6

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks