General
-
Target
payload28.zip
-
Size
3.3MB
-
Sample
241003-kh694axgnc
-
MD5
5fa6ecbb5ed6e4a18923f94bc268907c
-
SHA1
5ef9606856be5ea3a8ae875961e82b97f8433c8c
-
SHA256
c61e49d1e833a1bc9303c2fb2082571f2db96b603147c7bcd33ea1001a85a660
-
SHA512
a22ada75a3fb2a0f252c46fb90c459943be81c62666d775f653132840f6c719ef88bd49fd30be86ae94f00387e1f40e58a6d7e65f5f837bf33ad44a75b762f69
-
SSDEEP
98304:uzaB/jZ9Owlgig1tCR1X4XT6Xu/22805+:IaR/OwVGtCfoXT6+Zn5+
Static task
static1
Behavioral task
behavioral1
Sample
v6.2.01.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
v6.2.01.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
Target
v6.2.01.exe
-
Size
6.3MB
-
MD5
1e396d6c94cb42792e209b8e2e1948f6
-
SHA1
59c1dc22d6636b58796d2ad5ef84a4471b372f09
-
SHA256
9ef0b7351873989dde1b4bf5e244c617b92bb904152ac1d55a4a1fd93b732d05
-
SHA512
34edf247c08a0472aec2ca00f464487a32733dee35f1fa85f024dda3ce17104ab35c6b5e414f69399bfc2fe6a8d0f5262c771b55f01a7a8057b59c8580f22a4c
-
SSDEEP
98304:fW6YrekvPN3f4lCEHfM3q6eH6Yec7p0qCV2/QfBEqSc69:O6YrekRf4RfM3qGYfk2/bq
Score
10/10
-
SectopRAT payload
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-