General
- Target: d948e07325a1cf48bb9749e3f0a83d69c4abb96f822e3002b31b752ebb292c77.exe
- Size: 2.4MB
- Sample: 240825-by8cnasgkl
- MD5: 57573e0c7c535e6a3bd6771b4ff9e561
- SHA1: 67842e9bcb8123af48c8331d9e06f7ab6684c8fe
- SHA256: d948e07325a1cf48bb9749e3f0a83d69c4abb96f822e3002b31b752ebb292c77
- SHA512: ca1ec4de0405495d294bfa4d38a04170b84c90b0499799304bc47a64ea58bae54b2026ce91cd184d52493ffcaaf7d1fb8268c7514c6e10abfbf29423ffe21bb7
- SSDEEP: 49152:Upz3qVn+A4GA+B5ROpbmQFNioD77iabCv/+dZMETIUdffL/X/CH93YHLicHB:Up2p+HGA+B5Rybdv/u/aZHzH723YH5
- Static task: static1
- Behavioral task: behavioral1
- Sample: d948e07325a1cf48bb9749e3f0a83d69c4abb96f822e3002b31b752ebb292c77.exe
- Resource: win7-20240729-en
Malware Config
Targets
- SectopRAT payload
- Credentials from Password Stores: Credentials from Web Browsers. Malicious access to, or copy of, the web browser credential store.
- Checks computer location settings. Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext