General

  • Target

    233.exe

  • Size

    19.0MB

  • Sample

    240826-w2ppyazdlk

  • MD5

    b3053241f1c36b03564b673c0f9e3b27

  • SHA1

    50016af08cc932d450eb3cf20f3c3b81c28c8623

  • SHA256

    a596232a5808eb61c562fd20f88e388b1ce97889c7eb5cfe043394ce1bffe720

  • SHA512

    3243974709847a20d2175687b38de99febae2e07350b9861220d0eb2660e6e4799db4f312211ccf1d5e8ee3842b260ef224e5cc00cbb646e72c7aaa35de4c0b1

  • SSDEEP

    393216:/laGSydD9a0R0xGMECkqcbxcFmsiJu/4e1xAtbYoQpKiLtabcmYwThYnTs3aKLd0:zJn0CS4LBi5abcmYwTas3aKL6WvJHqmo

Targets

    • Target

      233.exe

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Suspicious use of SetThreadContext
