General
-
Target
3fe6064d693a32ebf17af6e73b22dd7d.bin
-
Size
709KB
-
Sample
240622-dd7xhavapg
-
MD5
62e1518980fd75d0ff0f6c7e0c9dc7df
-
SHA1
033ab04a6915f7250030d1fd543312a705626a84
-
SHA256
c4fbd3be7118a6b63342dbbcffb5bbf162cf448e2532fa944593fb90cf72a008
-
SHA512
67dd75205629c2f153e7fe645cc165365a8a459e3084d67928d6ebbfd19f3d7806e89aadacfaf10caf482cbf808f7b66445c389a0c0db342370091c003ce4c01
-
SSDEEP
12288:lkB+4L9GxuROHMwK+g/Xbx1If+W09TGejTWvRtpZAnKGXmcaXx+DWfxdTW8eNvXC:z89OuROswhg/bvIo98vRtpZoKHcah+Do
Malware Config
Targets
-
-
Target
5b8c7829500e73f58080b635970a9b7898683a9b99e425595eca9dc3fd1c5382.exe
-
Size
1.8MB
-
MD5
3fe6064d693a32ebf17af6e73b22dd7d
-
SHA1
d2734d1e21ec4b5b4883e603527dea2b6dd4714b
-
SHA256
5b8c7829500e73f58080b635970a9b7898683a9b99e425595eca9dc3fd1c5382
-
SHA512
8ee9eb8de35a648625780f6577c9968bfa2b2504c5081f66c708899d392d5cc2166b2d593c22ad0e19984e6c156553ae37702f8953bf3e112a8d6f4aaff91c77
-
SSDEEP
12288:uvsXZv8km0OHcbGbvzWHz0Hnquwxq+t0ssFWylkkoAbtEaJwfNqbYS2VbICKMIUf:ZfPz0Hyzt0ssFlSjKTzi
Score10/10-
SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
-
SectopRAT payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-