General
- Target: SFHgtxFGtB.ps1
- Size: 35KB
- Sample: 241217-h68rqavmbq
- MD5: 6a34a3dbed524eed6d73c72188418d80
- SHA1: 6a6ee1aa6ad9d9fbd7b7112df3a5c92b83c18667
- SHA256: 45ab4ca2483759d89bc446e6797e86489eb08cfeb3f740440a83ff6d83eb5503
- SHA512: 6fd7dc31836db3062aea0ab2bf0c7b0c45ee188fa9f2a872de968db2635aefc404d057444ec15ffea66585f6aa8e18acf2088e9523ac9138680ef6061465db30
- SSDEEP: 96:YdgXCdz1ArDw1DQXZB08+uFk0WK49Ms00IYY+blwIAAwIYmEYsR0KkMEIIAAYwwP:EZu

Static task: static1

Behavioral task: behavioral1
- Sample: SFHgtxFGtB.ps1
- Resource: win7-20240903-en
- SectopRAT payload
- Sectoprat family
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Suspicious use of SetThreadContext