sectoprat | 07a762329f21047bb6a8d75e30f915c651352d2e6b6b213c8a58d6ea475f937b

General

Target

ace2e0db8f7eead17ddf17aae5686525.exe
Size

2.3MB
MD5

ace2e0db8f7eead17ddf17aae5686525
SHA1

3f54e20d3ee79935fd18c6a3dc5db5577e3618c5
SHA256

07a762329f21047bb6a8d75e30f915c651352d2e6b6b213c8a58d6ea475f937b
SHA512

fcbd38ffc15f91bc3f1cbba12c22fc711004b0a50c1ba29393677bdf81f8eeacfc4754e74ccbe5a43688b6a9e71d8da32a127f99a6302edc35b7a5a2fe37a8c9
SSDEEP

49152:6AkaiJGEx+MLwdd9GZo8DH3EsljHa81+YL8KgwhmrU6/9:saiJGyErsZTH0s1HSR9

Score

10^/10

sectoprat rat trojan

Malware Config

Signatures

SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
trojan rat sectoprat

SectopRAT payload 16 IoCs

resource	yara_rule
behavioral1/memory/2208-3-0x0000000000170000-0x0000000000A30000-memory.dmp	family_sectoprat
behavioral1/memory/2208-5-0x0000000000170000-0x0000000000A30000-memory.dmp	family_sectoprat
behavioral1/memory/2208-6-0x0000000000170000-0x0000000000A30000-memory.dmp	family_sectoprat
behavioral1/memory/2208-7-0x0000000000170000-0x0000000000A30000-memory.dmp	family_sectoprat
behavioral1/memory/2208-11-0x0000000000170000-0x0000000000A30000-memory.dmp	family_sectoprat
behavioral1/memory/2208-12-0x0000000000170000-0x0000000000A30000-memory.dmp	family_sectoprat
behavioral1/memory/2208-13-0x0000000000170000-0x0000000000A30000-memory.dmp	family_sectoprat
behavioral1/memory/2208-14-0x0000000000170000-0x0000000000A30000-memory.dmp	family_sectoprat
behavioral1/memory/2208-15-0x0000000000170000-0x0000000000A30000-memory.dmp	family_sectoprat
behavioral1/memory/2208-16-0x0000000000170000-0x0000000000A30000-memory.dmp	family_sectoprat
behavioral1/memory/2208-17-0x0000000000170000-0x0000000000A30000-memory.dmp	family_sectoprat
behavioral1/memory/2208-18-0x0000000000170000-0x0000000000A30000-memory.dmp	family_sectoprat
behavioral1/memory/2208-19-0x0000000000170000-0x0000000000A30000-memory.dmp	family_sectoprat
behavioral1/memory/2208-20-0x0000000000170000-0x0000000000A30000-memory.dmp	family_sectoprat
behavioral1/memory/2208-21-0x0000000000170000-0x0000000000A30000-memory.dmp	family_sectoprat
behavioral1/memory/2208-22-0x0000000000170000-0x0000000000A30000-memory.dmp	family_sectoprat

Suspicious use of NtSetInformationThreadHideFromDebugger 16 IoCs

pid	Process
2208	ace2e0db8f7eead17ddf17aae5686525.exe
2208	ace2e0db8f7eead17ddf17aae5686525.exe
2208	ace2e0db8f7eead17ddf17aae5686525.exe
2208	ace2e0db8f7eead17ddf17aae5686525.exe
2208	ace2e0db8f7eead17ddf17aae5686525.exe
2208	ace2e0db8f7eead17ddf17aae5686525.exe
2208	ace2e0db8f7eead17ddf17aae5686525.exe
2208	ace2e0db8f7eead17ddf17aae5686525.exe
2208	ace2e0db8f7eead17ddf17aae5686525.exe
2208	ace2e0db8f7eead17ddf17aae5686525.exe
2208	ace2e0db8f7eead17ddf17aae5686525.exe
2208	ace2e0db8f7eead17ddf17aae5686525.exe
2208	ace2e0db8f7eead17ddf17aae5686525.exe
2208	ace2e0db8f7eead17ddf17aae5686525.exe
2208	ace2e0db8f7eead17ddf17aae5686525.exe
2208	ace2e0db8f7eead17ddf17aae5686525.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2208	ace2e0db8f7eead17ddf17aae5686525.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2208	ace2e0db8f7eead17ddf17aae5686525.exe

C:\Users\Admin\AppData\Local\Temp\ace2e0db8f7eead17ddf17aae5686525.exe
"C:\Users\Admin\AppData\Local\Temp\ace2e0db8f7eead17ddf17aae5686525.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2208

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2208-0-0x0000000000170000-0x0000000000A30000-memory.dmp

Filesize
8.8MB

Download
memory/2208-1-0x000000007EBD0000-0x000000007EFA1000-memory.dmp

Filesize
3.8MB

Download
memory/2208-3-0x0000000000170000-0x0000000000A30000-memory.dmp

Filesize
8.8MB

Download
memory/2208-2-0x0000000074550000-0x0000000074C3E000-memory.dmp

Filesize
6.9MB

Download
memory/2208-4-0x0000000003D90000-0x0000000003DD0000-memory.dmp

Filesize
256KB

Download
memory/2208-5-0x0000000000170000-0x0000000000A30000-memory.dmp

Filesize
8.8MB

Download
memory/2208-6-0x0000000000170000-0x0000000000A30000-memory.dmp

Filesize
8.8MB

Download
memory/2208-7-0x0000000000170000-0x0000000000A30000-memory.dmp

Filesize
8.8MB

Download
memory/2208-8-0x000000007EBD0000-0x000000007EFA1000-memory.dmp

Filesize
3.8MB

Download
memory/2208-9-0x0000000074550000-0x0000000074C3E000-memory.dmp

Filesize
6.9MB

Download
memory/2208-10-0x0000000003D90000-0x0000000003DD0000-memory.dmp

Filesize
256KB

Download
memory/2208-11-0x0000000000170000-0x0000000000A30000-memory.dmp

Filesize
8.8MB

Download
memory/2208-12-0x0000000000170000-0x0000000000A30000-memory.dmp

Filesize
8.8MB

Download
memory/2208-13-0x0000000000170000-0x0000000000A30000-memory.dmp

Filesize
8.8MB

Download
memory/2208-14-0x0000000000170000-0x0000000000A30000-memory.dmp

Filesize
8.8MB

Download
memory/2208-15-0x0000000000170000-0x0000000000A30000-memory.dmp

Filesize
8.8MB

Download
memory/2208-16-0x0000000000170000-0x0000000000A30000-memory.dmp

Filesize
8.8MB

Download
memory/2208-17-0x0000000000170000-0x0000000000A30000-memory.dmp

Filesize
8.8MB

Download
memory/2208-18-0x0000000000170000-0x0000000000A30000-memory.dmp

Filesize
8.8MB

Download
memory/2208-19-0x0000000000170000-0x0000000000A30000-memory.dmp

Filesize
8.8MB

Download
memory/2208-20-0x0000000000170000-0x0000000000A30000-memory.dmp

Filesize
8.8MB

Download
memory/2208-21-0x0000000000170000-0x0000000000A30000-memory.dmp

Filesize
8.8MB

Download
memory/2208-22-0x0000000000170000-0x0000000000A30000-memory.dmp

Filesize
8.8MB

Download

Analysis

Sharing