General
-
Target
f2a8840778484a56f1215f0fa8f6e8b0fb805fce99e62c01ff0a1f541f1d6808N.exe
-
Size
1.6MB
-
Sample
241220-f2pf6s1jcx
-
MD5
8802e10d9b969bd59b7b690ff39b0cc0
-
SHA1
7e70b9013793ed8a94132bd8684b41574b7bd719
-
SHA256
f2a8840778484a56f1215f0fa8f6e8b0fb805fce99e62c01ff0a1f541f1d6808
-
SHA512
c43f847960911753496365e5b2835099f318d2b991b73c836807011344dc3188f86522495c86eea432b983dba10d10aba3696d1a38f28de8ec9ab9aa271d8b0c
-
SSDEEP
24576:birlpbr7vGzSbmCC9KST7KddYMhC9dQNz+8pUosGOaCjQoM6XKApF14IeZcCzhK0:47X7vGlCC91T7KdrhC9i4SmIIe1dKSBj
Static task
static1
Behavioral task
behavioral1
Sample
f2a8840778484a56f1215f0fa8f6e8b0fb805fce99e62c01ff0a1f541f1d6808N.exe
Resource
win7-20240903-en
Malware Config
Targets
SectopRAT payload
-
Sectoprat family
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Enumerates processes with tasklist
-