General

  • Target

    d948e07325a1cf48bb9749e3f0a83d69c4abb96f822e3002b31b752ebb292c77.exe

  • Size

    2.4MB

  • Sample

    240825-by8cnasgkl

  • MD5

    57573e0c7c535e6a3bd6771b4ff9e561

  • SHA1

    67842e9bcb8123af48c8331d9e06f7ab6684c8fe

  • SHA256

    d948e07325a1cf48bb9749e3f0a83d69c4abb96f822e3002b31b752ebb292c77

  • SHA512

    ca1ec4de0405495d294bfa4d38a04170b84c90b0499799304bc47a64ea58bae54b2026ce91cd184d52493ffcaaf7d1fb8268c7514c6e10abfbf29423ffe21bb7

  • SSDEEP

    49152:Upz3qVn+A4GA+B5ROpbmQFNioD77iabCv/+dZMETIUdffL/X/CH93YHLicHB:Up2p+HGA+B5Rybdv/u/aZHzH723YH5

Malware Config

Targets

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks