sectoprat | 83e8d48acab4e0be57905c55447c177f4db9319fc1633476063f1462b0ea21b7 | Triage

Submit
Reports

Overview

overview

Static

static

3

cryptolaemus

windows10-2004-x64

cryptolaemus

windows11-21h2-x64

Sharing

General

Target

83e8d48acab4e0be57905c55447c177f4db9319fc1633476063f1462b0ea21b7
Size

460KB
Sample

240419-htxhxsbd99
MD5

a2d3b3520a52f12311c30ffd85d35852
SHA1

bdee16f3c597c1d8f0ad27153f39f0a6629ecf77
SHA256

83e8d48acab4e0be57905c55447c177f4db9319fc1633476063f1462b0ea21b7
SHA512

11ab97748a2cbf9a123237a23a13be86a49109cb62e42b45c1df8aad93052ffb12a0b7c399bacde2d5055ad78aff11582aed5fd980d29e665d1151355821a6e8
SSDEEP

6144:KDfVZKQFzkJGWNWNK47hJGMcyvkFFV7uHf07pGi1Wp7Yuxw0Qmmf:KDfVZ1FzkAEWw47nGMcmkFFMNQkwGmf

Score

10^/10

sectoprat stealc zgrat rat stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

83e8d48acab4e0be57905c55447c177f4db9319fc1633476063f1462b0ea21b7.exe

Resource

win10v2004-20240412-en

sectoprat stealc zgrat rat stealer trojan

windows10-2004-x64

21 signatures

150 seconds

Behavioral task

behavioral2

Sample

83e8d48acab4e0be57905c55447c177f4db9319fc1633476063f1462b0ea21b7.exe

Resource

win11-20240412-en

sectoprat stealc zgrat rat stealer trojan

windows11-21h2-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  83e8d48acab4e0be57905c55447c177f4db9319fc1633476063f1462b0ea21b7
- Size
  
  460KB
- MD5
  
  a2d3b3520a52f12311c30ffd85d35852
- SHA1
  
  bdee16f3c597c1d8f0ad27153f39f0a6629ecf77
- SHA256
  
  83e8d48acab4e0be57905c55447c177f4db9319fc1633476063f1462b0ea21b7
- SHA512
  
  11ab97748a2cbf9a123237a23a13be86a49109cb62e42b45c1df8aad93052ffb12a0b7c399bacde2d5055ad78aff11582aed5fd980d29e665d1151355821a6e8
- SSDEEP
  
  6144:KDfVZKQFzkJGWNWNK47hJGMcyvkFFV7uHf07pGi1Wp7Yuxw0Qmmf:KDfVZ1FzkAEWw47nGMcmkFFMNQkwGmf
Score

10^/10

sectoprat stealc zgrat rat stealer trojan
- Detect ZGRat V1
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

sectopratstealczgratratstealertrojan

behavioral2

sectopratstealczgratratstealertrojan

© 2018-2024

Terms | Privacy