sectoprat | 847c318454f8f50e77ffba9e88b749b9[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

847c318454f8f50e77ffba9e88b749b9.bin
Size

454KB
MD5

010f47d992151dd10c01f416415b3038
SHA1

5fe2424515385b80c390c188905467c3bc6b63ad
SHA256

d93e1778af384699f58d132e80e4ce5e8aa4e5131e4d082b51417b04abbf2b04
SHA512

c2337fac9b004f1ebee20482c57b6a6f34074125967ccd9cdd85eed0c4f1374a5981ea714e31acd6ee9a25a51133f952801a4a41a59a4d05d9c038944c822d39
SSDEEP

12288:G6Ed0F4MwyZePPqs81MLYXib1R62dRExk9:G5dfMDIPPA2MXzgv

Score

10^/10

sectoprat

Malware Config

Signatures

SectopRAT payload 1 IoCs

resource	yara_rule
static1/unpack001/594edd75d667ca60d5a80f2f5b025afb214c65ca95598b6e39eb99e7fb04e31d.exe	family_sectoprat

Sectoprat family
sectoprat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/594edd75d667ca60d5a80f2f5b025afb214c65ca95598b6e39eb99e7fb04e31d.exe

Files

847c318454f8f50e77ffba9e88b749b9.bin
.zip

Password: infected
594edd75d667ca60d5a80f2f5b025afb214c65ca95598b6e39eb99e7fb04e31d.exe
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 817KB - Virtual size: 817KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ