General

  • Target

    tmp

  • Size

    5.4MB

  • Sample

    240419-lyeepaee88

  • MD5

    6a1db4f73db4ed058c8cd7e04dfa7cc3

  • SHA1

    e3e074af4f3a6ed332eedf518b2d1f9a20314fd6

  • SHA256

    0a5355f8e8a6665e7da928c50309b811b88f011d763d0ab5057a8b969992f5ec

  • SHA512

    1ce79d2b5f58c9d1f6e68cb86a0d24fec883defd55115640b021816facd4bf3748da5a61b1e5da9f76f6b7a2b6c382b72261536bc28f48d0643a9f8aceb98fde

  • SSDEEP

    49152:gzlsiRwPVALodv5ezAayuESxLZfsUyRRBIH2yHnJh4r5Nvo6X29ke0UzMPy7lyE4:gzlsiRtDdnu42yHQDv5o0IKDTNVn

Score
10/10

Targets

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • .NET Reactor protector

      Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext
