sectoprat | 3d74c37ade5a7082617acb0cb1697eb18c9a61f7099b04b76967140f3a8d03ec | Triage

Submit
Reports

Overview

overview

Static

static

hfix.exe

windows7_x64

hfix.exe

windows10_x64

Sharing

General

Target

hfix.exe
Size

976KB
Sample

210109-a4yhh7pmkj
MD5

d7c8605a63f8f65eca9833f926d69ca1
SHA1

dc9936697678ea0ab1ab9313f02e60ebb9789a7f
SHA256

3d74c37ade5a7082617acb0cb1697eb18c9a61f7099b04b76967140f3a8d03ec
SHA512

dcc402d9c2392a219995b1ac853c580ccfb7ad18f60b36ca4aa1018e09c2fe1de41495c748d7d698c7a4031a7d5ff07f9a89502913174302f3c24b39eaf1c081

Score

10^/10

sectoprat persistence rat spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

hfix.exe

Resource

win7v20201028

sectoprat persistence rat spyware trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

hfix.exe

Resource

win10v20201028

sectoprat persistence rat spyware trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  hfix.exe
- Size
  
  976KB
- MD5
  
  d7c8605a63f8f65eca9833f926d69ca1
- SHA1
  
  dc9936697678ea0ab1ab9313f02e60ebb9789a7f
- SHA256
  
  3d74c37ade5a7082617acb0cb1697eb18c9a61f7099b04b76967140f3a8d03ec
- SHA512
  
  dcc402d9c2392a219995b1ac853c580ccfb7ad18f60b36ca4aa1018e09c2fe1de41495c748d7d698c7a4031a7d5ff07f9a89502913174302f3c24b39eaf1c081
Score

10^/10

sectoprat persistence rat spyware trojan
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT Payload
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Remote System Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

sectopratpersistenceratspywaretrojan

behavioral2

sectopratpersistenceratspywaretrojan

© 2018-2024

Terms | Privacy