General

  • Target

    payload28.zip

  • Size

    3.3MB

  • Sample

    241003-kh694axgnc

  • MD5

    5fa6ecbb5ed6e4a18923f94bc268907c

  • SHA1

    5ef9606856be5ea3a8ae875961e82b97f8433c8c

  • SHA256

    c61e49d1e833a1bc9303c2fb2082571f2db96b603147c7bcd33ea1001a85a660

  • SHA512

    a22ada75a3fb2a0f252c46fb90c459943be81c62666d775f653132840f6c719ef88bd49fd30be86ae94f00387e1f40e58a6d7e65f5f837bf33ad44a75b762f69

  • SSDEEP

    98304:uzaB/jZ9Owlgig1tCR1X4XT6Xu/22805+:IaR/OwVGtCfoXT6+Zn5+

Malware Config

Targets

    • Target

      v6.2.01.exe

    • Size

      6.3MB

    • MD5

      1e396d6c94cb42792e209b8e2e1948f6

    • SHA1

      59c1dc22d6636b58796d2ad5ef84a4471b372f09

    • SHA256

      9ef0b7351873989dde1b4bf5e244c617b92bb904152ac1d55a4a1fd93b732d05

    • SHA512

      34edf247c08a0472aec2ca00f464487a32733dee35f1fa85f024dda3ce17104ab35c6b5e414f69399bfc2fe6a8d0f5262c771b55f01a7a8057b59c8580f22a4c

    • SSDEEP

      98304:fW6YrekvPN3f4lCEHfM3q6eH6Yec7p0qCV2/QfBEqSc69:O6YrekRf4RfM3qGYfk2/bq

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks