sectoprat | f1278b48576982cafe7efbe9a529d710d90462ca3015f915890811c1a64ad503

General

Target

c0771afb6d2c438738d475a030345155.exe
Size

2.0MB
MD5

c0771afb6d2c438738d475a030345155
SHA1

532b817ea3d16a3acbced3e4d385fc485ec290f4
SHA256

f1278b48576982cafe7efbe9a529d710d90462ca3015f915890811c1a64ad503
SHA512

b4a8f99f8b1d0d7f101a12106675d7236104bfde083f057820687315cf4fcd485a27db051e477900da7348d83023cce2d006f3c7372dee5d716877a8293fdc05
SSDEEP

49152:qs82io1naWsNH2L7mVWjxYNqGJ3f97rX569FLJnbP9:qs8YdoNWL7w+GJP97rXaFH

Score

10^/10

sectoprat rat trojan

Malware Config

Signatures

SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
trojan rat sectoprat

SectopRAT payload 16 IoCs

resource	yara_rule
behavioral2/memory/4828-2-0x0000000000800000-0x0000000001110000-memory.dmp	family_sectoprat
behavioral2/memory/4828-10-0x0000000000800000-0x0000000001110000-memory.dmp	family_sectoprat
behavioral2/memory/4828-11-0x0000000000800000-0x0000000001110000-memory.dmp	family_sectoprat
behavioral2/memory/4828-13-0x0000000000800000-0x0000000001110000-memory.dmp	family_sectoprat
behavioral2/memory/4828-16-0x0000000000800000-0x0000000001110000-memory.dmp	family_sectoprat
behavioral2/memory/4828-17-0x0000000000800000-0x0000000001110000-memory.dmp	family_sectoprat
behavioral2/memory/4828-18-0x0000000000800000-0x0000000001110000-memory.dmp	family_sectoprat
behavioral2/memory/4828-19-0x0000000000800000-0x0000000001110000-memory.dmp	family_sectoprat
behavioral2/memory/4828-20-0x0000000000800000-0x0000000001110000-memory.dmp	family_sectoprat
behavioral2/memory/4828-21-0x0000000000800000-0x0000000001110000-memory.dmp	family_sectoprat
behavioral2/memory/4828-22-0x0000000000800000-0x0000000001110000-memory.dmp	family_sectoprat
behavioral2/memory/4828-23-0x0000000000800000-0x0000000001110000-memory.dmp	family_sectoprat
behavioral2/memory/4828-24-0x0000000000800000-0x0000000001110000-memory.dmp	family_sectoprat
behavioral2/memory/4828-25-0x0000000000800000-0x0000000001110000-memory.dmp	family_sectoprat
behavioral2/memory/4828-26-0x0000000000800000-0x0000000001110000-memory.dmp	family_sectoprat
behavioral2/memory/4828-27-0x0000000000800000-0x0000000001110000-memory.dmp	family_sectoprat

Suspicious use of NtSetInformationThreadHideFromDebugger 16 IoCs

pid	Process
4828	c0771afb6d2c438738d475a030345155.exe
4828	c0771afb6d2c438738d475a030345155.exe
4828	c0771afb6d2c438738d475a030345155.exe
4828	c0771afb6d2c438738d475a030345155.exe
4828	c0771afb6d2c438738d475a030345155.exe
4828	c0771afb6d2c438738d475a030345155.exe
4828	c0771afb6d2c438738d475a030345155.exe
4828	c0771afb6d2c438738d475a030345155.exe
4828	c0771afb6d2c438738d475a030345155.exe
4828	c0771afb6d2c438738d475a030345155.exe
4828	c0771afb6d2c438738d475a030345155.exe
4828	c0771afb6d2c438738d475a030345155.exe
4828	c0771afb6d2c438738d475a030345155.exe
4828	c0771afb6d2c438738d475a030345155.exe
4828	c0771afb6d2c438738d475a030345155.exe
4828	c0771afb6d2c438738d475a030345155.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4828	c0771afb6d2c438738d475a030345155.exe

C:\Users\Admin\AppData\Local\Temp\c0771afb6d2c438738d475a030345155.exe
"C:\Users\Admin\AppData\Local\Temp\c0771afb6d2c438738d475a030345155.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetWindowsHookEx
PID:4828

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4828-0-0x0000000000800000-0x0000000001110000-memory.dmp

Filesize
9.1MB

Download
memory/4828-1-0x000000007EDD0000-0x000000007F1A1000-memory.dmp

Filesize
3.8MB

Download
memory/4828-3-0x00000000744C0000-0x0000000074C70000-memory.dmp

Filesize
7.7MB

Download
memory/4828-4-0x0000000007270000-0x0000000007888000-memory.dmp

Filesize
6.1MB

Download
memory/4828-6-0x0000000006D60000-0x0000000006E6A000-memory.dmp

Filesize
1.0MB

Download
memory/4828-8-0x0000000006C50000-0x0000000006C8C000-memory.dmp

Filesize
240KB

Download
memory/4828-7-0x0000000006FA0000-0x0000000006FB0000-memory.dmp

Filesize
64KB

Download
memory/4828-9-0x0000000006C90000-0x0000000006CDC000-memory.dmp

Filesize
304KB

Download
memory/4828-5-0x00000000047E0000-0x00000000047F2000-memory.dmp

Filesize
72KB

Download
memory/4828-2-0x0000000000800000-0x0000000001110000-memory.dmp

Filesize
9.1MB

Download
memory/4828-10-0x0000000000800000-0x0000000001110000-memory.dmp

Filesize
9.1MB

Download
memory/4828-11-0x0000000000800000-0x0000000001110000-memory.dmp

Filesize
9.1MB

Download
memory/4828-12-0x000000007EDD0000-0x000000007F1A1000-memory.dmp

Filesize
3.8MB

Download
memory/4828-13-0x0000000000800000-0x0000000001110000-memory.dmp

Filesize
9.1MB

Download
memory/4828-14-0x00000000744C0000-0x0000000074C70000-memory.dmp

Filesize
7.7MB

Download
memory/4828-15-0x0000000006FA0000-0x0000000006FB0000-memory.dmp

Filesize
64KB

Download
memory/4828-16-0x0000000000800000-0x0000000001110000-memory.dmp

Filesize
9.1MB

Download
memory/4828-17-0x0000000000800000-0x0000000001110000-memory.dmp

Filesize
9.1MB

Download
memory/4828-18-0x0000000000800000-0x0000000001110000-memory.dmp

Filesize
9.1MB

Download
memory/4828-19-0x0000000000800000-0x0000000001110000-memory.dmp

Filesize
9.1MB

Download
memory/4828-20-0x0000000000800000-0x0000000001110000-memory.dmp

Filesize
9.1MB

Download
memory/4828-21-0x0000000000800000-0x0000000001110000-memory.dmp

Filesize
9.1MB

Download
memory/4828-22-0x0000000000800000-0x0000000001110000-memory.dmp

Filesize
9.1MB

Download
memory/4828-23-0x0000000000800000-0x0000000001110000-memory.dmp

Filesize
9.1MB

Download
memory/4828-24-0x0000000000800000-0x0000000001110000-memory.dmp

Filesize
9.1MB

Download
memory/4828-25-0x0000000000800000-0x0000000001110000-memory.dmp

Filesize
9.1MB

Download
memory/4828-26-0x0000000000800000-0x0000000001110000-memory.dmp

Filesize
9.1MB

Download
memory/4828-27-0x0000000000800000-0x0000000001110000-memory.dmp

Filesize
9.1MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads