sectoprat | f780d23cd2090e8dca286a13b33f6ee29dea16cc2b6f48c21195b0f877fb2c98 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

winprofile

windows7-x64

winprofile

windows10-1703-x64

Sharing

General

Target

f780d23cd2090e8dca286a13b33f6ee29dea16cc2b6f48c21195b0f877fb2c98
Size

6.5MB
Sample

240114-2d1p7addej
MD5

4ff0ddcb1ec66cab113f0c2543d91b1d
SHA1

0ce9704282eb3e8a0177e1eb05f726f484249ce6
SHA256

f780d23cd2090e8dca286a13b33f6ee29dea16cc2b6f48c21195b0f877fb2c98
SHA512

684ac11719226f2e13fdf8e87e0d065e5d984900e943200d3ce8f02ffb54d7207ffacc96bac08b5c194c12d851bd2d2b8ebe28e6d8a8ec3ed698acfd11d8c7b7
SSDEEP

98304:XyO1+mSLIHtNmgwA/66IoSPdPbYcvrqqJnxXfWflBE6:Cs7NNmgp/66K1Pb1vrqqJN6/

Score

10^/10

sectoprat zgrat rat trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

f780d23cd2090e8dca286a13b33f6ee29dea16cc2b6f48c21195b0f877fb2c98.exe

Resource

win7-20231215-en

sectoprat zgrat rat trojan

windows7-x64

9 signatures

300 seconds

Behavioral task

behavioral2

Sample

f780d23cd2090e8dca286a13b33f6ee29dea16cc2b6f48c21195b0f877fb2c98.exe

Resource

win10-20231220-en

sectoprat zgrat rat trojan

windows10-1703-x64

12 signatures

300 seconds

Malware Config

Targets

- Target
  
  f780d23cd2090e8dca286a13b33f6ee29dea16cc2b6f48c21195b0f877fb2c98
- Size
  
  6.5MB
- MD5
  
  4ff0ddcb1ec66cab113f0c2543d91b1d
- SHA1
  
  0ce9704282eb3e8a0177e1eb05f726f484249ce6
- SHA256
  
  f780d23cd2090e8dca286a13b33f6ee29dea16cc2b6f48c21195b0f877fb2c98
- SHA512
  
  684ac11719226f2e13fdf8e87e0d065e5d984900e943200d3ce8f02ffb54d7207ffacc96bac08b5c194c12d851bd2d2b8ebe28e6d8a8ec3ed698acfd11d8c7b7
- SSDEEP
  
  98304:XyO1+mSLIHtNmgwA/66IoSPdPbYcvrqqJnxXfWflBE6:Cs7NNmgp/66K1Pb1vrqqJN6/
Score

10^/10

sectoprat zgrat rat trojan
- Detect ZGRat V1
- Detects Arechclient2 RAT
  Arechclient2.
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Drops startup file
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sectopratzgratrattrojan

behavioral2

sectopratzgratrattrojan

© 2018-2025

Terms | Privacy