General
-
Target
2e2358523bbe722450a7e49eed0534b6.bin
-
Size
1.1MB
-
Sample
240718-b3m8aayhrn
-
MD5
f6351fbe305e08b9793f975c54e9bffa
-
SHA1
f413987f307ba65106886e45528d931fbdf64970
-
SHA256
f9c7585bf95c609e91fb5de1caa48ab57b1afa0eac5bc8066b3d9ab2d1e5dc75
-
SHA512
7263d79b3fef68c2872df563f13239db51fbf19f73c05f0d5a7942d07f63f858395119a701816ecb4593a656a929310693fab074d8e71d66ffc623761bc49b11
-
SSDEEP
24576:9HKwpsB7mDQGbPv9/w67lN2NFyKh4duEMXYmIWDRhzB:9HKwpsBsFbPv9/wNFyTg7XHRj
Malware Config
Targets
-
-
Target
304555a63b7a431a158fd9e527bdfcb7610f6dfa9231f4184f2e80e85a0dc520.exe
-
Size
3.5MB
-
MD5
2e2358523bbe722450a7e49eed0534b6
-
SHA1
10ac0bbf6ab7e2db1d53a93973bf73573160eeab
-
SHA256
304555a63b7a431a158fd9e527bdfcb7610f6dfa9231f4184f2e80e85a0dc520
-
SHA512
13fbfe2ee2ca37d9ace32e0a1c84f0aa726d5dd4145ed9a7385317140486ab8688a8defe71fd31dffe70a7fd17c4c1305b7eeaa5b11a32e55b57b05152a26ce5
-
SSDEEP
49152:xSee3hQidqT4kgJmNqf9YWBTg+E5EiCh8:I3hQidXZQNqiWLgR6
Score10/10-
SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
-
SectopRAT payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-