General

  • Target

    aee3d2a6ebecac4429852e34bc514ea6b4dcc30c559e1f9393f9b1d1206dc321

  • Size

    4.2MB

  • Sample

    240819-qrvkjswfrg

  • MD5

    e5b383c9d5c4dddfd7330c8afb9451c9

  • SHA1

    531e11aad7f2274d4ef3e52888ee9f3b01e5c3a6

  • SHA256

    aee3d2a6ebecac4429852e34bc514ea6b4dcc30c559e1f9393f9b1d1206dc321

  • SHA512

    b46c6ff342835c7d200534d51d8c11b27ef61db3d0b367f5986539f3f5c1376cea836907f093ad8b4cdf9826b91e6a78a8f9d18864abf44c5b3291bd41f6c431

  • SSDEEP

    98304:Zy+SMVu0VLGMb5Cx0taAUgLdpq+Xvna9k7VoiX996Kc2Q:DSMVu0VLGMb5Cx0taAUgLdpq+Xvna9kK

Malware Config

Targets

    • Target

      aee3d2a6ebecac4429852e34bc514ea6b4dcc30c559e1f9393f9b1d1206dc321

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks