General
- Target: file.exe
- Size: 13.8MB
- Sample: 240823-kjqczatgme
- MD5: 43e2db5451f5938f2ee9695de40ecb9e
- SHA1: 39421a403cfb7402e13e0aedc6234b6439bef569
- SHA256: 6824e5da203c3f76aef7664f3ccf927bce3412be059b8d78075f6e804dc8c873
- SHA512: 9949578b35b1267e197750a25a1ee9b922394f1f535eaa3580a464680d3dd68fb7f4010dd3393d512b1753a44010f69bbd3fe230939d6e46828441a54a849730
- SSDEEP: 393216:F7Pl85sdL01+l+uq+Vvz1+TtIiLf0VlCR63l:FpTR01+l+uqgvz1QtIhla8
Behavioral task: behavioral1
- Sample: file.exe
- Resource: win7-20240729-en
Malware Config
Targets
- Target: file.exe (13.8MB; MD5, SHA1, SHA256, SHA512 and SSDEEP values identical to those listed under General above)
Signatures
- SectopRAT payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious access to, or copy of, a web browser credential store.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates processes with tasklist
MITRE ATT&CK Enterprise v15
Credential Access
- Credentials from Password Stores (1)
  - Credentials from Web Browsers (1)
- Unsecured Credentials (2)
  - Credentials In Files (2)