sectoprat | 8176372efc5245ddba7b8db5faa5ef67f1b02253a2f66136849f464f547b6cb6 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

winprofile

windows7-x64

1

winprofile

windows10-1703-x64

Sharing

General

Target

8176372efc5245ddba7b8db5faa5ef67f1b02253a2f66136849f464f547b6cb6
Size

4.6MB
Sample

231231-2c5bzshgf9
MD5

bd2be2124edbaf6760cfa6d5031376d0
SHA1

5beb35e653026234788eabae2bfec4c751d0bcfc
SHA256

8176372efc5245ddba7b8db5faa5ef67f1b02253a2f66136849f464f547b6cb6
SHA512

9394b4186507580fec0a08ac05ddbe0e800c7b88d828cf92e6b98f3b5b6bda402222702211c7754ac44f235476d3b94ba7d3bd5f21e56f5b51b4d83ab8d99f89
SSDEEP

98304:G2M8YJUeFIp6G3zIA2t1j+ggu3D6DxVW9ab6bLnjJY6yfr7O:G2M8YJUUIpDz12tt+gNmD2TbSVr7O

Score

10^/10

sectoprat discovery rat spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

8176372efc5245ddba7b8db5faa5ef67f1b02253a2f66136849f464f547b6cb6.exe

Resource

win7-20231129-en

windows7-x64

0 signatures

300 seconds

Behavioral task

behavioral2

Sample

8176372efc5245ddba7b8db5faa5ef67f1b02253a2f66136849f464f547b6cb6.exe

Resource

win10-20231215-en

sectoprat discovery rat spyware stealer trojan

windows10-1703-x64

11 signatures

300 seconds

Malware Config

Targets

- Target
  
  8176372efc5245ddba7b8db5faa5ef67f1b02253a2f66136849f464f547b6cb6
- Size
  
  4.6MB
- MD5
  
  bd2be2124edbaf6760cfa6d5031376d0
- SHA1
  
  5beb35e653026234788eabae2bfec4c751d0bcfc
- SHA256
  
  8176372efc5245ddba7b8db5faa5ef67f1b02253a2f66136849f464f547b6cb6
- SHA512
  
  9394b4186507580fec0a08ac05ddbe0e800c7b88d828cf92e6b98f3b5b6bda402222702211c7754ac44f235476d3b94ba7d3bd5f21e56f5b51b4d83ab8d99f89
- SSDEEP
  
  98304:G2M8YJUeFIp6G3zIA2t1j+ggu3D6DxVW9ab6bLnjJY6yfr7O:G2M8YJUUIpDz12tt+gNmD2TbSVr7O
Score

10^/10

sectoprat discovery rat spyware stealer trojan
- Detects Arechclient2 RAT
  Arechclient2.
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

sectopratdiscoveryratspywarestealertrojan

© 2018-2025

Terms | Privacy