sectoprat | 6362d1bffe206c89bee4fe9dc2d7de989d8b39f57e450e758a204acc136a754b | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

winprofile

windows7-x64

winprofile

windows10-1703-x64

Sharing

General

Target

6362d1bffe206c89bee4fe9dc2d7de989d8b39f57e450e758a204acc136a754b
Size

6.0MB
Sample

231211-fl3nvsdecr
MD5

661c91991d35dfbea6380292ccb33e1e
SHA1

e1c979e5cce7f06d81b3d6c63d755b1d96c4ddaf
SHA256

6362d1bffe206c89bee4fe9dc2d7de989d8b39f57e450e758a204acc136a754b
SHA512

f1a82093d57c15dfd1f42bde94fe938227abc761fb78eafc4673d27cf007abe1bb7c4508af91f2ef6e53974e15841670e5fa890304b98abc9890948c55e77032
SSDEEP

98304:Tew6tIWP2JLa8Bez8NJKfDxmxtI7y6IoO:Tew6NeJuu4KaUxOy6IoO

Score

10^/10

sectoprat discovery rat spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

6362d1bffe206c89bee4fe9dc2d7de989d8b39f57e450e758a204acc136a754b.exe

Resource

win7-20231020-en

sectoprat discovery rat spyware stealer trojan

windows7-x64

11 signatures

300 seconds

Behavioral task

behavioral2

Sample

6362d1bffe206c89bee4fe9dc2d7de989d8b39f57e450e758a204acc136a754b.exe

Resource

win10-20231023-en

sectoprat discovery rat spyware stealer trojan

windows10-1703-x64

11 signatures

300 seconds

Malware Config

Targets

- Target
  
  6362d1bffe206c89bee4fe9dc2d7de989d8b39f57e450e758a204acc136a754b
- Size
  
  6.0MB
- MD5
  
  661c91991d35dfbea6380292ccb33e1e
- SHA1
  
  e1c979e5cce7f06d81b3d6c63d755b1d96c4ddaf
- SHA256
  
  6362d1bffe206c89bee4fe9dc2d7de989d8b39f57e450e758a204acc136a754b
- SHA512
  
  f1a82093d57c15dfd1f42bde94fe938227abc761fb78eafc4673d27cf007abe1bb7c4508af91f2ef6e53974e15841670e5fa890304b98abc9890948c55e77032
- SSDEEP
  
  98304:Tew6tIWP2JLa8Bez8NJKfDxmxtI7y6IoO:Tew6NeJuu4KaUxOy6IoO
Score

10^/10

sectoprat discovery rat spyware stealer trojan
- Detects Arechclient2 RAT
  Arechclient2.
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sectopratdiscoveryratspywarestealertrojan

behavioral2

sectopratdiscoveryratspywarestealertrojan

© 2018-2025

Terms | Privacy