Overview

overview

10

Static

static

a57e1bcf95...bc.exe

windows7_x64

10

a57e1bcf95...bc.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a57e1bcf9538738707f5f6387b72d7bc.exe

  • Size

    292KB

  • Sample

    210110-2lrq6lr4ln

  • MD5

    a57e1bcf9538738707f5f6387b72d7bc

  • SHA1

    839e2f2929292b128f5c71765d15e0b67e19f922

  • SHA256

    bf802ba3e523c502a27e0c9044bc699f0db17ebb00e5b3b9c152038a13c856ed

  • SHA512

    a9a1e3c04f25280f5de47d7a8eebc684481d1b4e05e394127385d2534440f000630e34dd0a22b4ba0870f13abce578b2118fcaf9c41b9f617d920207395e21c8

Score
10/10
sectopratrattrojan

Malware Config

Targets

    • Target

      a57e1bcf9538738707f5f6387b72d7bc.exe

    • Size

      292KB

    • MD5

      a57e1bcf9538738707f5f6387b72d7bc

    • SHA1

      839e2f2929292b128f5c71765d15e0b67e19f922

    • SHA256

      bf802ba3e523c502a27e0c9044bc699f0db17ebb00e5b3b9c152038a13c856ed

    • SHA512

      a9a1e3c04f25280f5de47d7a8eebc684481d1b4e05e394127385d2534440f000630e34dd0a22b4ba0870f13abce578b2118fcaf9c41b9f617d920207395e21c8

    Score
    10/10
    sectopratrattrojan

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

      trojanratsectoprat

    • SectopRAT Payload

    • Enumerates physical storage devices

      Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks