General

  • Target

    1858965825956207b9ea6d82c572053b.exe

  • Size

    768KB

  • Sample

    240906-cfj3sazerj

  • MD5

    1858965825956207b9ea6d82c572053b

  • SHA1

    6379b1d16cd560fa5cb6ebef341a0b4afbd60e7c

  • SHA256

    29675a28d7b5d3cb286b588b630c4193a4bf35bef9b2028264876ba662cb20d3

  • SHA512

    8df34b13c447a28158c891b6adf7992d7b74d00f98ebc007e73a0cdf3ff3a195c9d553fe77a00ac2001d4fae49f96eb1a0aa13551ef4ca2ff6a8414fc793ff12

  • SSDEEP

    12288:4vsXZv8km0OHcbGbvzWHz0HnquwFy+y0ssFWylkkoAbtETKwfNqbYS2VbICKMIU1:7fPz0HOLy0ssFlSjaI

Malware Config

Targets

    • Target

      1858965825956207b9ea6d82c572053b.exe

    • Size

      768KB

    • MD5

      1858965825956207b9ea6d82c572053b

    • SHA1

      6379b1d16cd560fa5cb6ebef341a0b4afbd60e7c

    • SHA256

      29675a28d7b5d3cb286b588b630c4193a4bf35bef9b2028264876ba662cb20d3

    • SHA512

      8df34b13c447a28158c891b6adf7992d7b74d00f98ebc007e73a0cdf3ff3a195c9d553fe77a00ac2001d4fae49f96eb1a0aa13551ef4ca2ff6a8414fc793ff12

    • SSDEEP

      12288:4vsXZv8km0OHcbGbvzWHz0HnquwFy+y0ssFWylkkoAbtETKwfNqbYS2VbICKMIU1:7fPz0HOLy0ssFlSjaI

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks