General
- Target: aee3d2a6ebecac4429852e34bc514ea6b4dcc30c559e1f9393f9b1d1206dc321
- Size: 4.2MB
- Sample: 240819-qrvkjswfrg
- MD5: e5b383c9d5c4dddfd7330c8afb9451c9
- SHA1: 531e11aad7f2274d4ef3e52888ee9f3b01e5c3a6
- SHA256: aee3d2a6ebecac4429852e34bc514ea6b4dcc30c559e1f9393f9b1d1206dc321
- SHA512: b46c6ff342835c7d200534d51d8c11b27ef61db3d0b367f5986539f3f5c1376cea836907f093ad8b4cdf9826b91e6a78a8f9d18864abf44c5b3291bd41f6c431
- SSDEEP: 98304:Zy+SMVu0VLGMb5Cx0taAUgLdpq+Xvna9k7VoiX996Kc2Q:DSMVu0VLGMb5Cx0taAUgLdpq+Xvna9kK
Static task: static1
Behavioral task: behavioral1
- Sample: aee3d2a6ebecac4429852e34bc514ea6b4dcc30c559e1f9393f9b1d1206dc321.exe
- Resource: win7-20240729-en
Malware Config
Targets
- Target: aee3d2a6ebecac4429852e34bc514ea6b4dcc30c559e1f9393f9b1d1206dc321 (4.2MB; hashes identical to those listed under General above)
- SectopRAT payload
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious access to, or copy of, the web browser credential store.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
- Suspicious use of SetThreadContext