a57e1bcf9538738707f5f6387b72d7bc.exe

General

Target: a57e1bcf9538738707f5f6387b72d7bc.exe
Size: 292KB
Sample: 210110-2lrq6lr4ln
Score: 10/10
MD5: a57e1bcf9538738707f5f6387b72d7bc
SHA1: 839e2f2929292b128f5c71765d15e0b67e19f922
SHA256: bf802ba3e523c502a27e0c9044bc699f0db17ebb00e5b3b9c152038a13c856ed
SHA512: a9a1e3c04f25280f5de47d7a8eebc684481d1b4e05e394127385d2534440f000630e34dd0a22b4ba0870f13abce578b2118fcaf9c41b9f617d920207395e21c8

Signatures

  • SectopRAT
    Description: SectopRAT is a remote access trojan first seen in November 2019.
  • SectopRAT Payload
  • Enumerates physical storage devices
    Description: Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
    TTPs: System Information Discovery
  • Suspicious use of SetThreadContext

Tasks

  • static1
  • behavioral1 (score 10/10)
  • behavioral2 (score 10/10)