General

  • Target

    1cad1f43e4768f56d68bb2b2737b7f5eebe78e8737f38.exe

  • Size

    18.3MB

  • Sample

    240925-3sab8avbmn

  • MD5

    2afbe1369dd12cc3264a4b4c332396b0

  • SHA1

    06b730230788c3f066f634a0c2a499e961180e26

  • SHA256

    1cad1f43e4768f56d68bb2b2737b7f5eebe78e8737f38bc6fc8dc06c595a08ad

  • SHA512

    c95306b6957edad35c15e0252fbb4c98a39ebec5ce25ab396e46a2005ebe84598b0e5bfd0335a8c9010f8f075bf750965723cde84c5609bced09074eb0e666a8

  • SSDEEP

    393216:dd1PUuu6iCDbuNvhuGCDbuNetK0NYAaWzxDxEbXvj2CEBqe6:pUuuvCDbux0GCDbu+6

Targets

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext (on a remote thread this is the classic step of process hollowing / thread hijacking, where the entry point of a suspended thread is redirected to injected code)
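The first thing a practitioner wants to do with a report like this is confirm that the file in hand is the one the sandbox analysed, since the hashes above are the only durable link between the two. The following script is an added example, not part of the report or of any sandbox tooling: it recomputes MD5/SHA-1/SHA-256/SHA-512 over a file, compares them with the values copied from the page, and checks the naming convention the report uses (the file name is a prefix of the SHA-256). SSDEEP is not in the Python standard library and is deliberately skipped here. The bytes in `CONSTRUCTED_SAMPLE` are a placeholder constructed for the self-test and are not the analysed binary.

```python
"""Verify a file on disk against the hash set published in the sandbox report.

Added example (not the report's own tooling). REPORT holds the values copied
from the page; CONSTRUCTED_SAMPLE is a placeholder, not the real binary.
"""
import hashlib
import os
import sys
import tempfile
from pathlib import Path

# Indicators copied verbatim from the report above.
REPORT = {
    "md5": "2afbe1369dd12cc3264a4b4c332396b0",
    "sha1": "06b730230788c3f066f634a0c2a499e961180e26",
    "sha256": "1cad1f43e4768f56d68bb2b2737b7f5eebe78e8737f38bc6fc8dc06c595a08ad",
    "sha512": (
        "c95306b6957edad35c15e0252fbb4c98a39ebec5ce25ab396e46a2005ebe8459"
        "8b0e5bfd0335a8c9010f8f075bf750965723cde84c5609bced09074eb0e666a8"
    ),
}
REPORT_FILENAME = "1cad1f43e4768f56d68bb2b2737b7f5eebe78e8737f38.exe"

# Constructed placeholder bytes for the self-test: a fake MZ header plus text.
CONSTRUCTED_SAMPLE = b"MZ" + b"\x00" * 62 + b"constructed placeholder, not the sample\n"


def digest_bytes(data: bytes) -> dict:
    """Hash an in-memory buffer with every algorithm listed in REPORT."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT}


def digest_file(path: str, chunk: int = 1 << 20) -> dict:
    """Hash a file in 1 MiB chunks so an 18 MB sample is not read into memory twice."""
    hashers = {name: hashlib.new(name) for name in REPORT}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare(actual: dict, expected: dict = REPORT) -> dict:
    """Per-algorithm match verdicts; case-insensitive because reports differ in hex case."""
    return {
        name: actual[name].lower() == expected[name].lower()
        for name in expected
        if name in actual
    }


def filename_matches_sha256(filename: str, sha256: str) -> bool:
    """The report names the file after a prefix of its SHA-256; require at least 16 hex
    chars so a short, coincidental prefix does not count as confirmation."""
    stem = Path(filename).stem.lower()
    return len(stem) >= 16 and sha256.lower().startswith(stem)


def selftest() -> bool:
    """Round-trip the constructed bytes through a temp file: the file and buffer
    paths must agree, and the placeholder must NOT match the reported hashes."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "constructed.bin")
        with open(path, "wb") as fh:
            fh.write(CONSTRUCTED_SAMPLE)
        from_file = digest_file(path)
    same_both_ways = from_file == digest_bytes(CONSTRUCTED_SAMPLE)
    return same_both_ways and not any(compare(from_file).values())


if __name__ == "__main__":
    # Usage: python verify_sample.py <path-to-file>
    target = sys.argv[1]
    verdicts = compare(digest_file(target))
    for name, ok in verdicts.items():
        print(f"{name:6s} {'MATCH' if ok else 'MISMATCH'}")
    print("filename/sha256 convention:",
          filename_matches_sha256(os.path.basename(target), REPORT["sha256"]))
    sys.exit(0 if all(verdicts.values()) else 1)
```

If any single algorithm disagrees while the others match, treat the file as a different object rather than a transcription error: the four digests are independent, and a partial match is far more likely to mean a modified or truncated copy than a typo in the report.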
