General
-
Target
06e81f5bb3b70ddd48d4711afd1f75776bc1e28e787ffd5dab9459083796f437
-
Size
4.0MB
-
Sample
241117-tqlsssxrgm
-
MD5
67b0d57e74adeef2f15582f95c9d5c43
-
SHA1
4d359d98992b6ee3b47aa7667fcd74d25ca715bd
-
SHA256
06e81f5bb3b70ddd48d4711afd1f75776bc1e28e787ffd5dab9459083796f437
-
SHA512
f2691b4fdbbce2cf34483227362ff93d4b96f170ac17337d54971b0cc340da7beabedeb25bf26aaeeacb92e1066b93ccec65e742481e293928ea20c795be4a5e
-
SSDEEP
49152:PjKdrRvp7grhJqZyc0PGMMlADKD7IRHxg:PjKdrRvJchJq6GPlA2D0RHxg
Static task
static1
Behavioral task
behavioral1
Sample
06e81f5bb3b70ddd48d4711afd1f75776bc1e28e787ffd5dab9459083796f437.exe
Resource
win7-20240903-en
Malware Config
Targets
-
-
Target
06e81f5bb3b70ddd48d4711afd1f75776bc1e28e787ffd5dab9459083796f437
-
Size
4.0MB
-
MD5
67b0d57e74adeef2f15582f95c9d5c43
-
SHA1
4d359d98992b6ee3b47aa7667fcd74d25ca715bd
-
SHA256
06e81f5bb3b70ddd48d4711afd1f75776bc1e28e787ffd5dab9459083796f437
-
SHA512
f2691b4fdbbce2cf34483227362ff93d4b96f170ac17337d54971b0cc340da7beabedeb25bf26aaeeacb92e1066b93ccec65e742481e293928ea20c795be4a5e
-
SSDEEP
49152:PjKdrRvp7grhJqZyc0PGMMlADKD7IRHxg:PjKdrRvJchJq6GPlA2D0RHxg
-
SectopRAT payload
-
Sectoprat family
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Enumerates processes with tasklist
-