General

  • Target

    32c80a0cc80ccef6766137397d43e429.exe

  • Size

    470KB

  • Sample

    230709-vwzghseh54

  • MD5

    32c80a0cc80ccef6766137397d43e429

  • SHA1

    abb0536dfe67091c98a54f13a70c22bef02375aa

  • SHA256

    826e2d460e7da76b3828bc8f015bffe558a30dba4ee1253e81b4a1edfb835522

  • SHA512

    d8992ca5e9bbbe6013fbd363901e673f6168ffd2abf7ef2f82623a55934722eb972e0c49117d338812e81a2241b1a8b5cb9717e732174977d8c9890dd0cf8462

  • SSDEEP

    6144:AyNusrH7I/azX8jTd2rYbNG/pWGwrjrQeX00AKilu4MYex+yFFdDcXlz34Jy3QdJ:Aycq2YsjTHQZwrXQBvKY0++cXlzdOsG

Targets

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
