sectoprat | 2afe84f8866168611d41b5eec0345f3e3459f611a77859f71f9be7e0f635736d | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

winprofile

windows7-x64

winprofile

windows10-1703-x64

Sharing

General

Target

2afe84f8866168611d41b5eec0345f3e3459f611a77859f71f9be7e0f635736d
Size

4.7MB
Sample

231210-19b62adgfm
MD5

37f406c2985041ad85f1f3d6db1249ff
SHA1

56f4ed0bcba0bf7fe60c27d1ddf260f32b9e29c3
SHA256

2afe84f8866168611d41b5eec0345f3e3459f611a77859f71f9be7e0f635736d
SHA512

f3415cb83d10ef62aca5986dd668b1109162651eaf509a06ee42bc1f3fb63c2ff5d8ab7ceeac9c098f3b5f121c8d278a0d97f3341e13f0f55bf564aaed1f5b6b
SSDEEP

98304:xrfhS3srwSUx+DMn+8vYDhRgUqmF14UZr:xrfhS3EDg+lZt9Z

Score

10^/10

sectoprat zgrat discovery rat spyware stealer trojan

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

2afe84f8866168611d41b5eec0345f3e3459f611a77859f71f9be7e0f635736d.exe

Resource

win7-20231020-en

sectoprat zgrat discovery rat spyware stealer trojan

windows7-x64

12 signatures

300 seconds

Behavioral task

behavioral2

Sample

2afe84f8866168611d41b5eec0345f3e3459f611a77859f71f9be7e0f635736d.exe

Resource

win10-20231020-en

sectoprat zgrat discovery rat spyware stealer trojan

windows10-1703-x64

15 signatures

300 seconds

Malware Config

Targets

- Target
  
  2afe84f8866168611d41b5eec0345f3e3459f611a77859f71f9be7e0f635736d
- Size
  
  4.7MB
- MD5
  
  37f406c2985041ad85f1f3d6db1249ff
- SHA1
  
  56f4ed0bcba0bf7fe60c27d1ddf260f32b9e29c3
- SHA256
  
  2afe84f8866168611d41b5eec0345f3e3459f611a77859f71f9be7e0f635736d
- SHA512
  
  f3415cb83d10ef62aca5986dd668b1109162651eaf509a06ee42bc1f3fb63c2ff5d8ab7ceeac9c098f3b5f121c8d278a0d97f3341e13f0f55bf564aaed1f5b6b
- SSDEEP
  
  98304:xrfhS3srwSUx+DMn+8vYDhRgUqmF14UZr:xrfhS3EDg+lZt9Z
Score

10^/10

sectoprat zgrat discovery rat spyware stealer trojan
- Detect ZGRat V1
- Detects Arechclient2 RAT
  Arechclient2.
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sectopratzgratdiscoveryratspywarestealertrojan

behavioral2

sectopratzgratdiscoveryratspywarestealertrojan

© 2018-2025

Terms | Privacy