Behavioral task: behavioral1
Sample: deobfus.exe
Resource: win7-20230220-en
3 signatures
150 seconds
General
Target: virus5.7z
Size: 388KB
MD5: 65b4d1b62dc4d76f64529cfffc6d150e
SHA1: a564c230c583caf1ed383cbcf9ee8832783d11e3
SHA256: 7a31c82d395ba94f83dcd38399b93ea415ea930712a40d1c93064d9407e31f61
SHA512: 17804e82be538554bfa0dfec948ee2a6c6ceb968c8518d1749b862e2f8d6ac33cf0171cb6e9bdc760398f6f339f65a8e9811e2adf930e4033af96e89dfe92e62
SSDEEP: 12288:ZDf2Z4/rsvhhssM2TbOsTwjw6qDZmYFDmGH+7D:ZD2xss/bOsTMwJGd
Score: 10/10
Malware Config
Signatures
SectopRAT payload (1 IoC)
resource: static1/unpack001/deobfus.exe
yara_rule: family_sectoprat
Sectoprat family
Files
virus5.7z.7z
Password: infected
deobfus.exe.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 826KB - Virtual size: 826KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ