General

  • Target

    2024-10-09_acca0668ad0d7fa4b1adcfcc3bbd2b20_magniber

  • Size

    3.9MB

  • Sample

    241009-xezgas1gll

  • MD5

    acca0668ad0d7fa4b1adcfcc3bbd2b20

  • SHA1

    b78490c2e35c74cbedbc4f3428fb409dd9a55a07

  • SHA256

    32b588c34b2dbecea0e5e7b1c95cb50a337696cef3373f6597f7dab3f5cd1046

  • SHA512

    bf1db917add99c418a4213acbe9c33ea1d825f5ff425e45052e01ab7a95ab1378135a5036848ab044c59928955679ace43b3121caa2a48e901e57867501abcc6

  • SSDEEP

    49152:PuyQzwISCnS/djRooJTK7sY7vvvUcwAfUOoYaKggtMt+tK+7xzy1AyBS9okQXxeF:P8wISCnqjn7Y7v3UcwOwJZ8ks

Malware Config

Targets

    • Target

      2024-10-09_acca0668ad0d7fa4b1adcfcc3bbd2b20_magniber

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser profile data, which can include saved credentials and session cookies.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

      SetThreadContext on a thread of another process is a common step in process hollowing and code injection, where a process is created suspended, its memory is overwritten and the main thread's instruction pointer is redirected before the thread is resumed.
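
As an added illustration (not part of the sandbox report and not the vendor's own signature logic), the following re-implements the installed-software check, the browser/wallet file access checks and the SetThreadContext / process hollowing check above as rules over a constructed event trace. The `pid|kind|detail` line format, the process ids, handles, file paths and API arguments are all assumptions made up for the example; real sandbox exports differ in shape and would need a different `parse_trace`.

```python
"""Behavioural signature checks over a simplified sandbox event trace (added example)."""
import re
from collections import defaultdict

# Constructed sample trace in an assumed "pid|kind|detail" format; not real sandbox output.
SAMPLE_TRACE = """\
1234|reg_read|HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{GUID-1}\\DisplayName
1234|reg_read|HKLM\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip\\DisplayVersion
1234|file_read|C:\\Users\\victim\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data
1234|file_read|C:\\Users\\victim\\AppData\\Roaming\\Exodus\\exodus.wallet\\seed.seco
1234|api|CreateProcessW(lpApplicationName="C:\\Windows\\System32\\svchost.exe", dwCreationFlags=0x4)
1234|api|VirtualAllocEx(hProcess=0x2a8)
1234|api|WriteProcessMemory(hProcess=0x2a8)
1234|api|SetThreadContext(hThread=0x2ac)
1234|api|ResumeThread(hThread=0x2ac)
5678|reg_read|HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run
5678|api|SetThreadContext(hThread=0x100)
"""

# Software enumeration via the Uninstall key (both native and WOW6432Node views).
UNINSTALL_KEY = re.compile(r"\\CurrentVersion\\Uninstall\\", re.IGNORECASE)
# Typical Chromium / Firefox profile files holding credentials, cookies and autofill data.
BROWSER_DATA = re.compile(r"\\(Login Data|Web Data|Cookies|logins\.json|key[34]\.db)$", re.IGNORECASE)
# A few wallet directories and the classic Bitcoin Core wallet file (illustrative list).
WALLET_DATA = re.compile(r"\\(Exodus|Electrum|Ethereum|Bitcoin)\\|wallet\.dat$", re.IGNORECASE)
# After a suspended CreateProcess, this ordered API chain is the hollowing pattern.
HOLLOWING_CHAIN = ["WriteProcessMemory", "SetThreadContext", "ResumeThread"]
CREATE_SUSPENDED = 0x4  # dwCreationFlags bit


def parse_trace(text):
    """Yield (pid, kind, detail) tuples from the assumed pipe-delimited format."""
    for line in text.splitlines():
        if not line.strip():
            continue
        pid, kind, detail = line.split("|", 2)
        yield int(pid), kind, detail


def api_name(detail):
    """'SetThreadContext(hThread=0x2ac)' -> 'SetThreadContext'."""
    return detail.split("(", 1)[0]


def is_subsequence(needle, haystack):
    """True if every element of needle appears in haystack in order (gaps allowed)."""
    it = iter(haystack)
    return all(any(x == item for item in it) for x in needle)


def analyse(text):
    """Return {pid: set(signature names)} for a trace in the assumed format."""
    hits = defaultdict(set)
    api_calls = defaultdict(list)  # pid -> ordered list of API names
    suspended_create = set()       # pids that created a child with CREATE_SUSPENDED
    for pid, kind, detail in parse_trace(text):
        if kind == "reg_read" and UNINSTALL_KEY.search(detail):
            hits[pid].add("checks installed software")
        elif kind == "file_read" and BROWSER_DATA.search(detail):
            hits[pid].add("reads browser profile data")
        elif kind == "file_read" and WALLET_DATA.search(detail):
            hits[pid].add("accesses cryptocurrency wallets")
        elif kind == "api":
            name = api_name(detail)
            api_calls[pid].append(name)
            m = re.search(r"dwCreationFlags=(0x[0-9a-fA-F]+)", detail)
            if name.startswith("CreateProcess") and m and int(m.group(1), 16) & CREATE_SUSPENDED:
                suspended_create.add(pid)
    for pid, calls in api_calls.items():
        if "SetThreadContext" in calls:
            hits[pid].add("uses SetThreadContext")
        # Only flag hollowing when the suspended create precedes the full write/redirect/resume chain.
        if pid in suspended_create and is_subsequence(HOLLOWING_CHAIN, calls):
            hits[pid].add("process hollowing chain")
    return dict(hits)


if __name__ == "__main__":
    for pid, sigs in sorted(analyse(SAMPLE_TRACE).items()):
        print(pid, sorted(sigs))
```

The bare "uses SetThreadContext" hit on pid 5678 shows why the report marks the call only as suspicious: the API is legitimate on its own (debuggers and some runtimes use it), and the stronger verdict comes from the ordered chain that starts with a process created suspended.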

MITRE ATT&CK Enterprise v15

Tasks