sectoprat | a2e1b415d5540ba0a4646af0ce2396031f55653710e8c37706f32b2f77edecbf | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

winprofile

windows7-x64

winprofile

windows10-1703-x64

Sharing

General

Target

a2e1b415d5540ba0a4646af0ce2396031f55653710e8c37706f32b2f77edecbf
Size

4.6MB
Sample

231126-2fm7wacg6s
MD5

12c12a8a5c9cb98f98f5e378d56a6141
SHA1

827296ef761e92ad2f117c9e92aafd1509ea1c02
SHA256

a2e1b415d5540ba0a4646af0ce2396031f55653710e8c37706f32b2f77edecbf
SHA512

1e7b4ea81858bd52718283f62812ae6dc8108db482c0fd4540b1dbdb8840bb2620ab9e07f06d64ac322d9b6ad31e285d0c466076387c204f2ec8fb9638d82df7
SSDEEP

49152:5SpYISwcy5m+HlVHd2lXCYE5unMItqEktIKQnRGjmRZlFC2LJfZL7RIFJ1XfJGOB:I7QtTyszkXX14WZB7AhkoeXL

Score

10^/10

sectoprat discovery rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

a2e1b415d5540ba0a4646af0ce2396031f55653710e8c37706f32b2f77edecbf.exe

Resource

win7-20231023-en

sectoprat discovery rat spyware stealer trojan

windows7-x64

9 signatures

300 seconds

Behavioral task

behavioral2

Sample

a2e1b415d5540ba0a4646af0ce2396031f55653710e8c37706f32b2f77edecbf.exe

Resource

win10-20231023-en

sectoprat discovery rat spyware stealer trojan

windows10-1703-x64

11 signatures

300 seconds

Malware Config

Targets

- Target
  
  a2e1b415d5540ba0a4646af0ce2396031f55653710e8c37706f32b2f77edecbf
- Size
  
  4.6MB
- MD5
  
  12c12a8a5c9cb98f98f5e378d56a6141
- SHA1
  
  827296ef761e92ad2f117c9e92aafd1509ea1c02
- SHA256
  
  a2e1b415d5540ba0a4646af0ce2396031f55653710e8c37706f32b2f77edecbf
- SHA512
  
  1e7b4ea81858bd52718283f62812ae6dc8108db482c0fd4540b1dbdb8840bb2620ab9e07f06d64ac322d9b6ad31e285d0c466076387c204f2ec8fb9638d82df7
- SSDEEP
  
  49152:5SpYISwcy5m+HlVHd2lXCYE5unMItqEktIKQnRGjmRZlFC2LJfZL7RIFJ1XfJGOB:I7QtTyszkXX14WZB7AhkoeXL
Score

10^/10

sectoprat discovery rat spyware stealer trojan
- Detects Arechclient2 RAT
  Arechclient2.
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sectopratdiscoveryratspywarestealertrojan

behavioral2

sectopratdiscoveryratspywarestealertrojan

© 2018-2025

Terms | Privacy