sectoprat | ceafa670663d1a72d7c6914d0c0f9cb75b64eb3ddaa874265da17e8911e035c8 | Triage

Submit
Reports

Overview

overview

Static

static

3

cryptolaemus

windows10-2004-x64

cryptolaemus

windows11-21h2-x64

Sharing

General

Target

ceafa670663d1a72d7c6914d0c0f9cb75b64eb3ddaa874265da17e8911e035c8
Size

452KB
Sample

240419-fdmyfahb93
MD5

0e8c36de609e9f14fa5e252bf1ea50fc
SHA1

0df4f278f5a46de8731e28da183db9fb09e9e107
SHA256

ceafa670663d1a72d7c6914d0c0f9cb75b64eb3ddaa874265da17e8911e035c8
SHA512

29ed696d3750b0382dd56105593083c2e7bd899934300aad14c23a2272cf47b1402a1831b5ed63ec2a7dd76d88207996df420f6e8b3818efbcaed75ae9296781
SSDEEP

12288:OYjr6I3yAhgYF24G17ITsVqpmPAUdXIma:OqM4G1ka2Umma

Score

10^/10

sectoprat stealc zgrat rat stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ceafa670663d1a72d7c6914d0c0f9cb75b64eb3ddaa874265da17e8911e035c8.exe

Resource

win10v2004-20240226-en

sectoprat stealc zgrat rat stealer trojan

windows10-2004-x64

21 signatures

150 seconds

Behavioral task

behavioral2

Sample

ceafa670663d1a72d7c6914d0c0f9cb75b64eb3ddaa874265da17e8911e035c8.exe

Resource

win11-20240412-en

sectoprat stealc zgrat rat stealer trojan

windows11-21h2-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  ceafa670663d1a72d7c6914d0c0f9cb75b64eb3ddaa874265da17e8911e035c8
- Size
  
  452KB
- MD5
  
  0e8c36de609e9f14fa5e252bf1ea50fc
- SHA1
  
  0df4f278f5a46de8731e28da183db9fb09e9e107
- SHA256
  
  ceafa670663d1a72d7c6914d0c0f9cb75b64eb3ddaa874265da17e8911e035c8
- SHA512
  
  29ed696d3750b0382dd56105593083c2e7bd899934300aad14c23a2272cf47b1402a1831b5ed63ec2a7dd76d88207996df420f6e8b3818efbcaed75ae9296781
- SSDEEP
  
  12288:OYjr6I3yAhgYF24G17ITsVqpmPAUdXIma:OqM4G1ka2Umma
Score

10^/10

sectoprat stealc zgrat rat stealer trojan
- Detect ZGRat V1
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

sectopratstealczgratratstealertrojan

behavioral2

sectopratstealczgratratstealertrojan

© 2018-2024

Terms | Privacy