General
- Target: saleforce_offline_installer.exe
- Size: 8.9MB
- Sample: 250207-lal5maxpgk
- MD5: aa1ec7571a7e45ee718fd35136abb2cc
- SHA1: 354b52630cd08560aefe7b78efe5e0c0e9cc12a5
- SHA256: 645e557e03904aca48c1e0467a94de924a8359b6e5a98354a6e44aa2abeba84a
- SHA512: c00bce637b1d2f5e28d34da816b0d0d3f1d81cc9fe59c953514b65c70c0e3f8b79c9677d4b928447b14829f884e8524b7966df5fd9d6d18bb87e580026e909c7
- SSDEEP: 196608:9hjidJFvglcIAtzyRxJugLjygdnyYQ8X+uPOStz73vK:9QdJ1glxAFyRFjycnJnPt73vK
Static task: static1
Behavioral task: behavioral1
- Sample: saleforce_offline_installer.exe
- Resource: win7-20240903-en
Malware Config
Targets
- saleforce_offline_installer.exe (8.9MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General)
- SectopRAT payload
- SectopRAT family
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Suspicious use of SetThreadContext