sectoprat | edad2dcd4cf07314eb0c4e27fa9ac620f6fe6260f931e237c06178ef2c36526d | Triage

Submit
Reports

Overview

overview

Static

static

3

cryptolaemus

windows10-2004-x64

cryptolaemus

windows11-21h2-x64

Sharing

General

Target

edad2dcd4cf07314eb0c4e27fa9ac620f6fe6260f931e237c06178ef2c36526d
Size

452KB
Sample

240419-fd79dahc32
MD5

10692f2b2f300dd397e17e54af5f9518
SHA1

cb494a9640cf5cdf7a114d2950d60fc00871468f
SHA256

edad2dcd4cf07314eb0c4e27fa9ac620f6fe6260f931e237c06178ef2c36526d
SHA512

97594fc964ba252a469048ba8662a3a086f258bbe6340808831faf3440b4ea3b15b0c69c6a98e9a770453a11030fbe9d2c87cb6e734b51a8331df0738e358759
SSDEEP

12288:OYjr6I3yAhgYF24G17ITsVqpmPAUdXImV:OqM4G1ka2UmmV

Score

10^/10

sectoprat stealc zgrat rat stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

edad2dcd4cf07314eb0c4e27fa9ac620f6fe6260f931e237c06178ef2c36526d.exe

Resource

win10v2004-20240412-en

sectoprat stealc zgrat rat stealer trojan

windows10-2004-x64

21 signatures

150 seconds

Behavioral task

behavioral2

Sample

edad2dcd4cf07314eb0c4e27fa9ac620f6fe6260f931e237c06178ef2c36526d.exe

Resource

win11-20240412-en

sectoprat stealc zgrat rat stealer trojan

windows11-21h2-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  edad2dcd4cf07314eb0c4e27fa9ac620f6fe6260f931e237c06178ef2c36526d
- Size
  
  452KB
- MD5
  
  10692f2b2f300dd397e17e54af5f9518
- SHA1
  
  cb494a9640cf5cdf7a114d2950d60fc00871468f
- SHA256
  
  edad2dcd4cf07314eb0c4e27fa9ac620f6fe6260f931e237c06178ef2c36526d
- SHA512
  
  97594fc964ba252a469048ba8662a3a086f258bbe6340808831faf3440b4ea3b15b0c69c6a98e9a770453a11030fbe9d2c87cb6e734b51a8331df0738e358759
- SSDEEP
  
  12288:OYjr6I3yAhgYF24G17ITsVqpmPAUdXImV:OqM4G1ka2UmmV
Score

10^/10

sectoprat stealc zgrat rat stealer trojan
- Detect ZGRat V1
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

sectopratstealczgratratstealertrojan

behavioral2

sectopratstealczgratratstealertrojan

© 2018-2024

Terms | Privacy