sectoprat | 420dfb75c981fe4ab474de914e92c8171f52544d1f3a4d66bf9249e8578d729d | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

62ee5b95c3...67.exe

windows7-x64

7

62ee5b95c3...67.exe

windows10-2004-x64

Sharing

General

Target

62ee5b95c34acf1b01e338ad370c4dda687bdd67
Size

248KB
Sample

230203-xmmgpshc56
MD5

4ca04b351bb18652fcda67b45eed03a9
SHA1

62ee5b95c34acf1b01e338ad370c4dda687bdd67
SHA256

420dfb75c981fe4ab474de914e92c8171f52544d1f3a4d66bf9249e8578d729d
SHA512

d462553e89b0adda35854157bdbb668dc6ac7e415f5dcf37cf65aecd19ff1d93f0aa18e8831f59be5982c21d71715dfa227958696b81d71a9cde8ec9bc79c7b6
SSDEEP

6144:m8OyFY+X5tuRG9YodJ8mQccZowlFfo7qa4D64+94QIKgFLKyEs2UfaoksNzB1jpU:TFY+X5tuRG9YodJ8mQccZowlFfo7qa4U

Score

10^/10

sectoprat persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

62ee5b95c34acf1b01e338ad370c4dda687bdd67.exe

Resource

win7-20221111-en

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

62ee5b95c34acf1b01e338ad370c4dda687bdd67.exe

Resource

win10v2004-20220812-en

sectoprat persistence rat trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  62ee5b95c34acf1b01e338ad370c4dda687bdd67
- Size
  
  248KB
- MD5
  
  4ca04b351bb18652fcda67b45eed03a9
- SHA1
  
  62ee5b95c34acf1b01e338ad370c4dda687bdd67
- SHA256
  
  420dfb75c981fe4ab474de914e92c8171f52544d1f3a4d66bf9249e8578d729d
- SHA512
  
  d462553e89b0adda35854157bdbb668dc6ac7e415f5dcf37cf65aecd19ff1d93f0aa18e8831f59be5982c21d71715dfa227958696b81d71a9cde8ec9bc79c7b6
- SSDEEP
  
  6144:m8OyFY+X5tuRG9YodJ8mQccZowlFfo7qa4D64+94QIKgFLKyEs2UfaoksNzB1jpU:TFY+X5tuRG9YodJ8mQccZowlFfo7qa4U
Score

10^/10

persistence sectoprat rat trojan
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

sectopratpersistencerattrojan

© 2018-2025

Terms | Privacy