General

  • Target

    DANGER_INFECTED_FILE_MDE_File_Sample_5b91224ab869f39a4fdcd24f1b3f7eebb8c2842b.zip

  • Size

    978KB

  • Sample

    230703-xe1dlaba41

  • MD5

    07099219aa41815fae4a0fc94788d7cf

  • SHA1

    a9a50c9417c81c67c0ff4c7c44abd8771cb0270a

  • SHA256

    70547af23ed4d780e812aff0edda14f0abddd9a6fe7f76ab20c5a517b8fc9121

  • SHA512

    dae965c39452246f23db5177664c1b7c949bf555b7a3d3843c12a3ae1804530f35dbebd5919333b9f81970b405ce04eacbc3d7966772e21866255c865c046674

  • SSDEEP

    24576:Bxb1Wesh2FIOlIZeynV+B8ez4yxVy4S7rphiZYiT:Lzsh2si8HyfgQv

Score
10/10

Malware Config

Targets

    • Target

      Xrcpdrvxnb.exe

    • Size

      2.7MB

    • MD5

      2139a76fbb485ffaa026b03a4ca697ad

    • SHA1

      5b91224ab869f39a4fdcd24f1b3f7eebb8c2842b

    • SHA256

      90efa08171bbe04594a4e77fe5b7a173b8f087bda4d279de62a18c73c29b9fed

    • SHA512

      7ebd8dd39bd283ada1a10f63e344edff9ce78f54f811122c0e5160610390ce7c352e6ee5db78ccc5ab12c8a17a1690fba796c7337ddf9a0d8dd96860c2830121

    • SSDEEP

      24576:NMdDndNUPEn8rUTIFxXN+s4n+doJDmecmdm8R/8RJg5:gdN0EndoFU8CTg8AY

    Score
    10/10

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks