sectoprat | 594c30dee9f7acb7cbac72ef005dd2bd0b5138d33f60722bb0ead648b6303cd6 | Triage

Submit
Reports

Overview

overview

Static

static

3

cryptolaemus

windows10-2004-x64

cryptolaemus

windows11-21h2-x64

Sharing

General

Target

594c30dee9f7acb7cbac72ef005dd2bd0b5138d33f60722bb0ead648b6303cd6
Size

460KB
Sample

240419-hszlwscc8z
MD5

a5840ec00269eaf40d943a28948ff117
SHA1

d6cb3a6e4fce6ca5555a9d91e09a1e962be92d18
SHA256

594c30dee9f7acb7cbac72ef005dd2bd0b5138d33f60722bb0ead648b6303cd6
SHA512

da5892e7f25819446c5ac3541aaca40e55cc224e2d0801063f664ef078e7294aaa232753a8379c9a8991d8b04b9b42b14651bb06de0dd8287c9cec9060cef9d2
SSDEEP

6144:KDfVZKQFzkJGWNWNK47hJGMcyvkFFV7uHf07pGi1Wp7Yuxw0QmmV:KDfVZ1FzkAEWw47nGMcmkFFMNQkwGmV

Score

10^/10

sectoprat stealc zgrat rat stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

594c30dee9f7acb7cbac72ef005dd2bd0b5138d33f60722bb0ead648b6303cd6.exe

Resource

win10v2004-20240412-en

sectoprat stealc zgrat rat stealer trojan

windows10-2004-x64

21 signatures

150 seconds

Behavioral task

behavioral2

Sample

594c30dee9f7acb7cbac72ef005dd2bd0b5138d33f60722bb0ead648b6303cd6.exe

Resource

win11-20240412-en

sectoprat stealc zgrat rat stealer trojan

windows11-21h2-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  594c30dee9f7acb7cbac72ef005dd2bd0b5138d33f60722bb0ead648b6303cd6
- Size
  
  460KB
- MD5
  
  a5840ec00269eaf40d943a28948ff117
- SHA1
  
  d6cb3a6e4fce6ca5555a9d91e09a1e962be92d18
- SHA256
  
  594c30dee9f7acb7cbac72ef005dd2bd0b5138d33f60722bb0ead648b6303cd6
- SHA512
  
  da5892e7f25819446c5ac3541aaca40e55cc224e2d0801063f664ef078e7294aaa232753a8379c9a8991d8b04b9b42b14651bb06de0dd8287c9cec9060cef9d2
- SSDEEP
  
  6144:KDfVZKQFzkJGWNWNK47hJGMcyvkFFV7uHf07pGi1Wp7Yuxw0QmmV:KDfVZ1FzkAEWw47nGMcmkFFMNQkwGmV
Score

10^/10

sectoprat stealc zgrat rat stealer trojan
- Detect ZGRat V1
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

sectopratstealczgratratstealertrojan

behavioral2

sectopratstealczgratratstealertrojan

© 2018-2024

Terms | Privacy