sectoprat | 906623a415b6de1164c7798d3743a5fc06ca0ccc58ca76c8b35ef0a674991608 | Triage

Submit
Reports

Overview

overview

Static

static

3

winprofile

windows7-x64

winprofile

windows10-1703-x64

Sharing

General

Target

906623a415b6de1164c7798d3743a5fc06ca0ccc58ca76c8b35ef0a674991608
Size

3.7MB
Sample

240201-fj689sbfg8
MD5

eca96e3eb1fe44265acc31373a1dadb9
SHA1

3221c9a9d13cc4b0ae24b7d2cc807f18feb3ea4f
SHA256

906623a415b6de1164c7798d3743a5fc06ca0ccc58ca76c8b35ef0a674991608
SHA512

ce2829831d5e5bc8783dc1d871957184f48504bd2aa741456dab29dbdac72b1ad1c110964232655cae67992283dadfc96f46417bacb700b1bd55ba4b6494a6a1
SSDEEP

98304:lbPH543INzdx/9yiXGBwmcFBcBL+PRao/Szic:lb/5cUxllGBgFamYF

Score

10^/10

sectoprat persistence rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

906623a415b6de1164c7798d3743a5fc06ca0ccc58ca76c8b35ef0a674991608.exe

Resource

win7-20231129-en

sectoprat rat trojan

windows7-x64

9 signatures

300 seconds

Behavioral task

behavioral2

Sample

906623a415b6de1164c7798d3743a5fc06ca0ccc58ca76c8b35ef0a674991608.exe

Resource

win10-20231220-en

sectoprat persistence rat trojan

windows10-1703-x64

10 signatures

300 seconds

Malware Config

Targets

- Target
  
  906623a415b6de1164c7798d3743a5fc06ca0ccc58ca76c8b35ef0a674991608
- Size
  
  3.7MB
- MD5
  
  eca96e3eb1fe44265acc31373a1dadb9
- SHA1
  
  3221c9a9d13cc4b0ae24b7d2cc807f18feb3ea4f
- SHA256
  
  906623a415b6de1164c7798d3743a5fc06ca0ccc58ca76c8b35ef0a674991608
- SHA512
  
  ce2829831d5e5bc8783dc1d871957184f48504bd2aa741456dab29dbdac72b1ad1c110964232655cae67992283dadfc96f46417bacb700b1bd55ba4b6494a6a1
- SSDEEP
  
  98304:lbPH543INzdx/9yiXGBwmcFBcBL+PRao/Szic:lb/5cUxllGBgFamYF
Score

10^/10

sectoprat rat trojan persistence
- Detects Arechclient2 RAT
  Arechclient2.
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

sectopratrattrojan

behavioral2

sectopratpersistencerattrojan

© 2018-2024

Terms | Privacy