sectoprat | 746bf7bf51a835dd5a31e5de08e37900e8c49a2b4f5dac494bd897385f21d9f4 | Triage

Submit
Reports

Overview

overview

Static

static

3

ISetup2.exe

windows7-x64

ISetup2.exe

windows10-2004-x64

Sharing

General

Target

ISetup2.exe
Size

412KB
Sample

240419-dtvbcafb82
MD5

db549bf7b1403909f8cc9d199c0df2ce
SHA1

a19c7a98aab63e793bec2c62dc17d0cd8e9e62a0
SHA256

746bf7bf51a835dd5a31e5de08e37900e8c49a2b4f5dac494bd897385f21d9f4
SHA512

6e18623990df23f9d80e1f901519e728870ef5f79ee3583e6caaf9ca107c36d893f46eb70962df9180a05043e4b510786e6a553d92e9933cb18b01ea5ce346b2
SSDEEP

6144:te64OHLc0cFFQ4hGCAid5LQwpgJHkGNCcxAtrMMYX7XD/:TLc0cFFzwCAbdmkmMMQD/

Score

10^/10

sectoprat stealc zgrat rat spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ISetup2.exe

Resource

win7-20240221-en

sectoprat stealc zgrat rat spyware stealer trojan

windows7-x64

21 signatures

300 seconds

Behavioral task

behavioral2

Sample

ISetup2.exe

Resource

win10v2004-20240226-en

sectoprat stealc zgrat rat stealer trojan

windows10-2004-x64

22 signatures

300 seconds

Malware Config

Targets

- Target
  
  ISetup2.exe
- Size
  
  412KB
- MD5
  
  db549bf7b1403909f8cc9d199c0df2ce
- SHA1
  
  a19c7a98aab63e793bec2c62dc17d0cd8e9e62a0
- SHA256
  
  746bf7bf51a835dd5a31e5de08e37900e8c49a2b4f5dac494bd897385f21d9f4
- SHA512
  
  6e18623990df23f9d80e1f901519e728870ef5f79ee3583e6caaf9ca107c36d893f46eb70962df9180a05043e4b510786e6a553d92e9933cb18b01ea5ce346b2
- SSDEEP
  
  6144:te64OHLc0cFFQ4hGCAid5LQwpgJHkGNCcxAtrMMYX7XD/:TLc0cFFzwCAbdmkmMMQD/
Score

10^/10

sectoprat stealc zgrat rat spyware stealer trojan
- Detect ZGRat V1
- Detects Arechclient2 RAT
  Arechclient2.
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

sectopratstealczgratratspywarestealertrojan

behavioral2

sectopratstealczgratratstealertrojan

© 2018-2024

Terms | Privacy