General

  • Target

    TrueImageMonitor.exe.zip

  • Size

    12.0MB

  • Sample

    241011-l96cjssfkp

  • MD5

    1349e5fa010fe4e557cc6197d481f8c4

  • SHA1

    40bb0d6409c53366f60e8e76e05a51c4ac626e29

  • SHA256

    6d28395c39fbed6ab3ad6de927dd4944bd4d2f1eb325d9c0ff3241dfc3e2fa70

  • SHA512

    c3577d4c4b63aa98ec1136aa9563b177cceed28456a19536609774cd2656546107999598acd168b7fab235f34f2c13ce8502a778334c61af2065c2dacdb7190c

  • SSDEEP

    196608:KIFgiHycRriczS56Bjs+U1IyI8h5wa0Hi7ePXTNaE/DWmmIlNJEOsuFC:KUg24N5sF8jw5iK/JaEZm0NlM

Malware Config

Targets

    • Target

      TrueImageMonitor.exe

    • Size

      17.7MB

    • MD5

      af7fc426bf2ee1d801a8180e31139dc1

    • SHA1

      8b26d7e11be00149ea6a1c0a56a77f062b5ce432

    • SHA256

      d2c7e32fb7cf7b97421dae75889afc0d8438b0cbbe6d608775751591a10d40c0

    • SHA512

      c8f13f427e82c75f7c9dffe7b1716bb87f676d10dbb3249d940a4d30e5a22c292ab8837f59b14a89e5391b4cbb5ad7e37d0b4ec19aeb9665ef5eb90dd65d6c19

    • SSDEEP

      393216:qKx81sE0EZgkLKNihH+MUoczZPm7TK0YfJW6HKDaFuK0qIxewV3kowTJUKlL70K9:iqczYfsBtUwV3kowTnL70KfdltFTqTl8

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks