sectoprat | 9fabf294b8c52202d5ad0c5729ffd96f4712bc062a45bc1902c0efca4137069d | Triage

Sharing

General

Target

hvn.zip
Size

1.9MB
Sample

230919-y5hrxabh5v
MD5

d43f72f0475c726954d688be5f4045fb
SHA1

6930bbf4ff8deedcc39bdce5bb40d9e4068c684e
SHA256

9fabf294b8c52202d5ad0c5729ffd96f4712bc062a45bc1902c0efca4137069d
SHA512

e822b4250baeb684a9d689305346924ab227361330f46401bd37fbaeb6f9f6d22f11545610b182af5fa3cb8f0f040da6661377874aa50352354462b600aa1f5c
SSDEEP

49152:WEmBjUTnxVT/dRT2YUGKmoSL1q/1b43P8IZgfN:WEIITnxdCrGxQVCn+

Score

10^/10

sectoprat rat spyware trojan

Malware Config

Targets

- Target
  
  hvn/VBoxSVC.exe
- Size
  
  954KB
- MD5
  
  4620f1ba5072f37bdedf2650c654595d
- SHA1
  
  7f9079445da0b254457917c97945216eab3536ca
- SHA256
  
  ff14c25bf61e359668e0eeadb48345737caebf658f04e5b7ab4d4f465d0fd01c
- SHA512
  
  842a1935e95be85365b24a560c02b6bb9ec424a89c5e4240c28e2c63864da814dd862c5ed32847c5277570bed2cc1f90e94fe23fb5cd9950dbea4de18584313a
- SSDEEP
  
  12288:FAhvfYClxFGLZx2v0fVmWCHwX2CsyICH8DDFYcs0+qoS9TTa5W9DP4rv8Dsnm:Fivcx2vFDHkxsyIbxxRTTa5W9DP2kIm
Score

10^/10

sectoprat rat spyware trojan
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  hvn/handoff.wav
- Size
  
  1.2MB
- MD5
  
  2d597044fdbb55e2cde4d244ba889467
- SHA1
  
  198df7005f4b1010273a42ff149511b1e112b04c
- SHA256
  
  f7cc708f8ec3409d03dc9e04dca76426d7b1f2dc32f14382efb6db43517e6ff5
- SHA512
  
  41ec6e4718e1aebc706336a899137ee0bc8d32e190d9202fcaa6f49201579ad9554c808e77227c1f61303eb4e746fb06e2d2c366b517419d11af3b439c918268
- SSDEEP
  
  24576:OBQmB6s9TLoHsbXNDxPmXv77IIb3LTPlBruasPyXgk68t9oZU09x4RfQ0:OBQm4sBLoH+NPm/7jTTuJ+QZU09xWh
Score

3^/10
behavioral3 behavioral4
- Target
  
  hvn/libcurl.dll
- Size
  
  666KB
- MD5
  
  6332ea26415a831f4a27910e4a58e967
- SHA1
  
  8d016c6b7dffc40cd9de77c54ccd7d898ced0f46
- SHA256
  
  9155bf17173465cd14407c4ac06c26de625dc3dc356fd10f4d71d690a71878e1
- SHA512
  
  caf6c5da51481bb539bc91eb9fcc8d3b3db79b9ce806b650c2cb1b63966c18f0f87ca788d970bcbff49bfdfd39ef017f4c14a661a0f4f88747de623312fb5e19
- SSDEEP
  
  12288:v+ICJnBDg60crRDjmkqR6tv3cKOuWmDxyEI+mVLIOlwBnq48+mVjt17IbF:v+IPptuWKxyEI+mNIOlenqd+mVx8F
Score

1^/10
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

sectopratratspywaretrojan

behavioral3

behavioral4

behavioral5

behavioral6