Pliytbob.bin

General
Target

Pliytbob.bin

Size

763KB

Sample

210109-ejf6gnw1te

Score
10 /10
MD5

c6deefce6d5efb810c81e7a0c5bc6b1f

SHA1

88c68b80aa3733b6c3ced2c6b78345d823691b73

SHA256

0aab2dd3ec0c4ee98be1c56356c21888078d33ab2b44410e0024034284a4fb86

SHA512

8b5962b3183ba564d30dacc8ddd358306263608232d7f6d414e346cc09d2978ab250f87a2ef252f9fcfe53291e92b7e524f0b6f99ad73e7d80f9b671e4d86076

Malware Config
Targets
Target

Pliytbob.bin

MD5

c6deefce6d5efb810c81e7a0c5bc6b1f

Filesize

763KB

Score
10 /10
SHA1

88c68b80aa3733b6c3ced2c6b78345d823691b73

SHA256

0aab2dd3ec0c4ee98be1c56356c21888078d33ab2b44410e0024034284a4fb86

SHA512

8b5962b3183ba564d30dacc8ddd358306263608232d7f6d414e346cc09d2978ab250f87a2ef252f9fcfe53291e92b7e524f0b6f99ad73e7d80f9b671e4d86076

Tags

Signatures

  • SectopRAT

    Description

    SectopRAT is a remote access trojan first seen in November 2019.

    Tags

  • SectopRAT Payload

  • Adds Run key to start application

    Tags

    TTPs

    Registry Run Keys / Startup Folder Modify Registry
  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
        Discovery
          Execution
            Exfiltration
              Impact
                Initial Access
                  Lateral Movement
                    Privilege Escalation
                      Tasks

                      static1

                      behavioral1

                      10/10

                      behavioral2

                      10/10