General

  • Target

    1f215f2d9148c8c275951c0245c9e59da552b87129343fe37364d0d281769e83.zip

  • Size

    1.9MB

  • Sample

    230321-rvmjsada6t

  • MD5

    5bf6b68a4851060540d0e317e836ebf2

  • SHA1

    d7b483fcbbbfd8d00ee326658c4aab3989c555f6

  • SHA256

    4eb235a511dfe61ceec23353eb2c9f8af013e2abc65d20aecb20eb3c0623c81e

  • SHA512

    d5bbb29a4fa9349637c7853771410a2762e2df6b06d0425a05456c4401c5e94d53105cf5ede4b86553803458b0412197bbdf116f0a0eb0087231d002f5f0dbb7

  • SSDEEP

    49152:+MxJZ+cSOeqnxOvxKgS6DGNUBrjFjH9FXzqOpnf4I:+yDjvnk6oGNURhjddh1

Score
10/10
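The report lists MD5/SHA-1/SHA-256/SHA-512 for two layers: the archive described in General and the executable it contains, described under Targets. Before touching the sample, re-derive those digests locally; note that the archive is named after the inner .exe's SHA-256, not its own, so the two layers must be checked separately. The script below is an added example and not part of the report. Assumptions: the archive password is "infected" (the usual convention for malware sample archives), and the file paths are whatever you downloaded. SSDEEP is omitted because it needs the third-party ssdeep module.

```python
"""Re-verify a sandbox sample's hashes before working on it.

Added example, not part of the original report. The hash sets below are
copied from the report: the outer archive (General section) and the
executable inside it (Targets section). Assumed: archive password
"infected" (convention for malware sample archives).
"""
import hashlib
import io
import sys
import zipfile

ALGOS = ("md5", "sha1", "sha256", "sha512")
EXE_NAME = "1f215f2d9148c8c275951c0245c9e59da552b87129343fe37364d0d281769e83.exe"
ZIP_NAME = EXE_NAME[:-4] + ".zip"   # archive is named after the inner file's SHA-256

# Values exactly as printed in the report.
REPORTED = {
    ZIP_NAME: {
        "md5": "5bf6b68a4851060540d0e317e836ebf2",
        "sha1": "d7b483fcbbbfd8d00ee326658c4aab3989c555f6",
        "sha256": "4eb235a511dfe61ceec23353eb2c9f8af013e2abc65d20aecb20eb3c0623c81e",
        "sha512": "d5bbb29a4fa9349637c7853771410a2762e2df6b06d0425a05456c4401c5e94d"
                  "53105cf5ede4b86553803458b0412197bbdf116f0a0eb0087231d002f5f0dbb7",
    },
    EXE_NAME: {
        "md5": "9159a1d1d3894e68bea8e85da245940e",
        "sha1": "fa9681887fd96bdbc101dbe863690aa833dc40a5",
        "sha256": "1f215f2d9148c8c275951c0245c9e59da552b87129343fe37364d0d281769e83",
        "sha512": "acf1cfcf87f32ba0b9e074153169d873fb966d09bcf3e839a7c777fdda4eb274"
                  "20f14752597ebeba24321a223aeeb8c5f00453fef1a906a28fa4b3e7aefe9329",
    },
}


def digests(data: bytes) -> dict:
    """Compute all four digests over the same bytes in one pass."""
    hashers = {name: hashlib.new(name) for name in ALGOS}
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify(data: bytes, expected: dict) -> dict:
    """Return {algo: (expected, actual)} for every digest that disagrees; {} means all match."""
    actual = digests(data)
    return {a: (expected[a], actual[a]) for a in ALGOS if expected[a].lower() != actual[a]}


def verify_sample(archive: bytes, password=b"infected") -> dict:
    """Check the archive bytes, then the inner .exe extracted in memory (never written to disk)."""
    report = {"zip": verify(archive, REPORTED[ZIP_NAME])}
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        if EXE_NAME not in zf.namelist():
            raise FileNotFoundError(f"{EXE_NAME} not in archive, found {zf.namelist()}")
        report["exe"] = verify(zf.read(EXE_NAME, pwd=password), REPORTED[EXE_NAME])
    return report


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else ZIP_NAME  # assumed local path
    with open(path, "rb") as f:
        result = verify_sample(f.read())
    for layer, mismatches in result.items():
        print(layer, "OK" if not mismatches else f"MISMATCH {mismatches}")
```

A mismatch on the outer layer with a clean inner layer usually just means the archive was re-zipped by a different tool; a mismatch on the inner layer means you are not holding the analysed binary and the report's signatures do not apply to your file.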

Malware Config

Targets

    • Target

      1f215f2d9148c8c275951c0245c9e59da552b87129343fe37364d0d281769e83.exe

    • Size

      2.0MB

    • MD5

      9159a1d1d3894e68bea8e85da245940e

    • SHA1

      fa9681887fd96bdbc101dbe863690aa833dc40a5

    • SHA256

      1f215f2d9148c8c275951c0245c9e59da552b87129343fe37364d0d281769e83

    • SHA512

      acf1cfcf87f32ba0b9e074153169d873fb966d09bcf3e839a7c777fdda4eb27420f14752597ebeba24321a223aeeb8c5f00453fef1a906a28fa4b3e7aefe9329

    • SSDEEP

      49152:cxBvC3gNpMMnpWZa0bSyfYX5pJTWm/SXFZ8BADA5:cf1LWZaegXvUmcZ875

    Score
    10/10
    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX, including modified builds of the open-source UPX packer.

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext
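The "UPX packed file" signature above can be reproduced statically without running the sample. The script below is an added example (not code from the sandbox or the report) that parses the PE section table by hand and reports the three cheap UPX tells a triage analyst checks: section names UPX0/UPX1/UPX2, the "UPX!" pack-header magic, and a high-entropy section holding the compressed image. Modified UPX builds, which the signature also covers, commonly rename the sections and strip the magic, so the entropy measurement is kept as the fallback indicator. The build_pe() helper is scaffolding that assembles a minimal PE in memory so the check can run offline; the section layout it produces is an assumption, not a dump of the real sample.

```python
"""Static UPX indicators for a PE file, with no third-party dependency.

Added example, not part of the sandbox report. build_pe() only constructs
a throwaway PE for demonstration and is not a linker.
"""
import math
import struct
from collections import Counter

UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2", "UPX3"}
UPX_MAGIC = b"UPX!"           # pack-header magic stock UPX writes after its loader stub
ENTROPY_THRESHOLD = 7.0       # bits/byte; compressed or encrypted data sits near 8.0
SECTION_FMT = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER, 40 bytes


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 0.0 for an empty buffer (e.g. UPX0, raw size 0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_sections(pe: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    table = coff + 20 + opt_size
    sections = []
    for i in range(num_sections):
        off = table + i * struct.calcsize(SECTION_FMT)
        if off + struct.calcsize(SECTION_FMT) > len(pe):
            raise ValueError("section table runs past end of file")
        name, _vsize, _vaddr, raw_size, raw_ptr, *_ = struct.unpack_from(SECTION_FMT, pe, off)
        raw = pe[raw_ptr:raw_ptr + raw_size]  # a truncated file simply yields a short slice
        sections.append({
            "name": name.rstrip(b"\0").decode("latin-1"),
            "raw_size": raw_size,
            "entropy": round(entropy(raw), 3),
        })
    return sections


def upx_indicators(pe: bytes) -> dict:
    """Combine the name, magic and entropy tells into one verdict."""
    sections = parse_sections(pe)
    named = [s["name"] for s in sections if s["name"] in UPX_SECTION_NAMES]
    hot = [s["name"] for s in sections if s["entropy"] >= ENTROPY_THRESHOLD]
    magic = UPX_MAGIC in pe
    # Stock UPX: names and/or magic. Modified UPX: often only the entropy tell survives.
    verdict = "upx" if named or magic else ("possibly-packed" if hot else "clean")
    return {"upx_sections": named, "high_entropy_sections": hot,
            "upx_magic": magic, "verdict": verdict}


def build_pe(sections) -> bytes:
    """Assemble a minimal PE32 image from (name, raw_bytes) pairs. Demo scaffolding only."""
    opt_size = 0xE0
    table_off = 0x40 + 4 + 20 + opt_size
    data_off = (table_off + 40 * len(sections) + 0x1FF) & ~0x1FF  # 512-byte file alignment
    hdr = bytearray(b"MZ" + b"\0" * 0x3E)
    struct.pack_into("<I", hdr, 0x3C, 0x40)                        # e_lfanew
    hdr += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    hdr += b"\0" * opt_size                                        # zeroed optional header
    body, ptr = bytearray(), data_off
    for i, (name, raw) in enumerate(sections):
        hdr += struct.pack(SECTION_FMT, name.encode(), len(raw), 0x1000 * (i + 1),
                           len(raw), ptr if raw else 0, 0, 0, 0, 0, 0x60000020)
        body += raw
        ptr += len(raw)
    hdr += b"\0" * (data_off - len(hdr))
    return bytes(hdr + body)


if __name__ == "__main__":
    import sys
    with open(sys.argv[1], "rb") as f:   # assumed: path to the extracted .exe
        print(upx_indicators(f.read()))
```

A "possibly-packed" verdict on a file with ordinary section names is exactly the modified-UPX case; confirm it dynamically (the sandbox's "Executes dropped EXE" and "Loads dropped DLL" events above are where the unpacked stage shows up) rather than trusting the static heuristic alone.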

MITRE ATT&CK Enterprise v6

Tasks