Behavioral task
behavioral1
Sample
594edd75d667ca60d5a80f2f5b025afb214c65ca95598b6e39eb99e7fb04e31d.exe
Resource
win7-20240221-en
General
Target
851735022e2544bda74f9eb58bd4fbf8e1268c4a86e3085d9fc0cbd4a13d3951
Size
454KB
MD5
6a59669b62acf5c4ef64aabb549cd177
SHA1
254d4a165cc8d0874ae8cea1f632b251b4d07fb0
SHA256
851735022e2544bda74f9eb58bd4fbf8e1268c4a86e3085d9fc0cbd4a13d3951
SHA512
3e1e6f5c5b7d311c80232538149f659e4c40b5ba071dbfad38609a2b042816ad3ac3fa437d099d325f3509ed680b74abe4c11ec6fb4f489ec7f3b9ecd95bf610
SSDEEP
12288:RpST7hes6BizNe8bNvfUCWNWlOBvT5lvKMbZR/81oNpo8Z:6LiYeweCWolyvvKMbTooNp7
Malware Config
Signatures
SectopRAT payload 1 IoCs
resource yara_rule static1/unpack001/594edd75d667ca60d5a80f2f5b025afb214c65ca95598b6e39eb99e7fb04e31d.exe family_sectoprat -
Sectoprat family
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/594edd75d667ca60d5a80f2f5b025afb214c65ca95598b6e39eb99e7fb04e31d.exe
Files
851735022e2544bda74f9eb58bd4fbf8e1268c4a86e3085d9fc0cbd4a13d3951.zip
Password: infected
594edd75d667ca60d5a80f2f5b025afb214c65ca95598b6e39eb99e7fb04e31d.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 817KB - Virtual size: 817KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ