sectoprat

General

Target

01a374fe3ad1deed124f4f97310c769c
Size

5.9MB
Sample

231229-x412esaefj
MD5

01a374fe3ad1deed124f4f97310c769c
SHA1

3263e4baf4f3f40f3a7e3a6804fe6576837ed046
SHA256

43e03a6b8656d773bc57f8fa1028ff2049269718e52a11d8de1dc1e44c4ed4c2
SHA512

bb48ea2182b6536c1f84c42491ce2dd3d682e4fbc0c5426577e855f50c7d9a9760130d49b612f92ef38bcc927ac2aa5fd8ee42afcdb8c317876ec0878244d0c3
SSDEEP

98304:8+FghWCae/0NRXygKa6I7wHl3dw+uFmMIZVB8aZIei9kGNQ4Dc9JSXxxPBHKtiOV:8+FXCXhg17wFicvBvZKr3D2yzPEtiOV

Score

10^/10

Malware Config

Targets

- Target
  
  01a374fe3ad1deed124f4f97310c769c
- Size
  
  5.9MB
- MD5
  
  01a374fe3ad1deed124f4f97310c769c
- SHA1
  
  3263e4baf4f3f40f3a7e3a6804fe6576837ed046
- SHA256
  
  43e03a6b8656d773bc57f8fa1028ff2049269718e52a11d8de1dc1e44c4ed4c2
- SHA512
  
  bb48ea2182b6536c1f84c42491ce2dd3d682e4fbc0c5426577e855f50c7d9a9760130d49b612f92ef38bcc927ac2aa5fd8ee42afcdb8c317876ec0878244d0c3
- SSDEEP
  
  98304:8+FghWCae/0NRXygKa6I7wHl3dw+uFmMIZVB8aZIei9kGNQ4Dc9JSXxxPBHKtiOV:8+FXCXhg17wFicvBvZKr3D2yzPEtiOV
Score

10^/10

sectoprat evasion rat themida trojan
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1

T1497

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Virtualization/Sandbox Evasion

1

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

SectopRAT payload

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry

Themida packer

Checks whether UAC is enabled

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2