General

  • Target

    e243074c3f3825582e9f4039aecbdcf0N.exe

  • Size

    7.5MB

  • Sample

    240825-shhkqssbqn

  • MD5

    e243074c3f3825582e9f4039aecbdcf0

  • SHA1

    bb662a5bc555d3a558a9c8f853d5a86c4ae8ce68

  • SHA256

    7cdf0d45dd4e81626b1807626f45f191494d1bde26641909b9a9dd4e5f0e4156

  • SHA512

    3965735d47f2be25ac48f78abfd0a9e27460bdbf499986f170fb2a3498f828a6d21302f71708a9e7a56fe3d3671330b462cfbe36738f5e4c53ab9243ee953562

  • SSDEEP

    98304:l1Z6Fgfnd43cPOvp/5ggnoKs7yUzzlLQQNE7zWSzF6NUbA9mCpGDQpuVPvx5ctOx:ln6FuTa1TnUPlLQQNArLbA48GDuuN

Targets

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger
