sectoprat | 538af20cc47b76f65a2bb6daed037b48574a6f5feb21c22315633b4c451a10ba | Triage

Submit
Reports

Overview

overview

Static

static

3

cryptolaemus

windows10-2004-x64

cryptolaemus

windows11-21h2-x64

Sharing

General

Target

538af20cc47b76f65a2bb6daed037b48574a6f5feb21c22315633b4c451a10ba
Size

497KB
Sample

240420-clzenadg32
MD5

aff1866a4c9bf3226a842da8c12f7606
SHA1

0b51a9f10017b8cadb5903003dbc0d9e558760a3
SHA256

538af20cc47b76f65a2bb6daed037b48574a6f5feb21c22315633b4c451a10ba
SHA512

acc32bb2acbadfef4cea8fb98eac80588fd84dbafbcc28702d0af83e4691ef1473252c71d6b1fb12909b0b5c580a1dc3c9c09299a8d051c97473150dedc6b4a8
SSDEEP

12288:VBy70w/OnfLYTOOc411sVyL8/TtPnAUaPkcX38rese4uP:VBayfohBf5YJPnfXcXaeR4uP

Score

10^/10

sectoprat stealc rat stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

538af20cc47b76f65a2bb6daed037b48574a6f5feb21c22315633b4c451a10ba.exe

Resource

win10v2004-20240412-en

sectoprat stealc rat stealer trojan

windows10-2004-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

538af20cc47b76f65a2bb6daed037b48574a6f5feb21c22315633b4c451a10ba.exe

Resource

win11-20240412-en

sectoprat stealc rat stealer trojan

windows11-21h2-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.209

Attributes

url_path
/3cd2b41cbde8fc9c.php

Targets

- Target
  
  538af20cc47b76f65a2bb6daed037b48574a6f5feb21c22315633b4c451a10ba
- Size
  
  497KB
- MD5
  
  aff1866a4c9bf3226a842da8c12f7606
- SHA1
  
  0b51a9f10017b8cadb5903003dbc0d9e558760a3
- SHA256
  
  538af20cc47b76f65a2bb6daed037b48574a6f5feb21c22315633b4c451a10ba
- SHA512
  
  acc32bb2acbadfef4cea8fb98eac80588fd84dbafbcc28702d0af83e4691ef1473252c71d6b1fb12909b0b5c580a1dc3c9c09299a8d051c97473150dedc6b4a8
- SSDEEP
  
  12288:VBy70w/OnfLYTOOc411sVyL8/TtPnAUaPkcX38rese4uP:VBayfohBf5YJPnfXcXaeR4uP
Score

10^/10

sectoprat stealc rat stealer trojan
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

sectopratstealcratstealertrojan

behavioral2

sectopratstealcratstealertrojan

© 2018-2024

Terms | Privacy