sectoprat | 71674457d21249c28cec063d44baf6a856696105b156575bbb32794b0c6fbaf8 | Triage

Submit
Reports

Overview

overview

Static

static

3

cryptolaemus

windows10-2004-x64

cryptolaemus

windows11-21h2-x64

Sharing

General

Target

71674457d21249c28cec063d44baf6a856696105b156575bbb32794b0c6fbaf8
Size

497KB
Sample

240420-ggjwmaaf7x
MD5

92e5f7ec3c36861b9e9fa8c97721489e
SHA1

062251e2455413f91b1a109974ed6ae3ca2961fd
SHA256

71674457d21249c28cec063d44baf6a856696105b156575bbb32794b0c6fbaf8
SHA512

a433b21794364fc09f14772de8c6810773d1de46fc320e8bac42d85e42f79e355d4861555845eecd81f831caa313d11d146ccbd87236244214d60c25ef1895db
SSDEEP

12288:ZxAlJcDZTLLyd81ktNRAZPanQ5kWkc4UY:ZxOQTi+GH6Papc4UY

Score

10^/10

sectoprat stealc rat stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

71674457d21249c28cec063d44baf6a856696105b156575bbb32794b0c6fbaf8.exe

Resource

win10v2004-20240412-en

sectoprat stealc rat stealer trojan

windows10-2004-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

71674457d21249c28cec063d44baf6a856696105b156575bbb32794b0c6fbaf8.exe

Resource

win11-20240412-en

windows11-21h2-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.209

Attributes

url_path
/3cd2b41cbde8fc9c.php

Targets

- Target
  
  71674457d21249c28cec063d44baf6a856696105b156575bbb32794b0c6fbaf8
- Size
  
  497KB
- MD5
  
  92e5f7ec3c36861b9e9fa8c97721489e
- SHA1
  
  062251e2455413f91b1a109974ed6ae3ca2961fd
- SHA256
  
  71674457d21249c28cec063d44baf6a856696105b156575bbb32794b0c6fbaf8
- SHA512
  
  a433b21794364fc09f14772de8c6810773d1de46fc320e8bac42d85e42f79e355d4861555845eecd81f831caa313d11d146ccbd87236244214d60c25ef1895db
- SSDEEP
  
  12288:ZxAlJcDZTLLyd81ktNRAZPanQ5kWkc4UY:ZxOQTi+GH6Papc4UY
Score

10^/10

sectoprat stealc rat stealer trojan
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

sectopratstealcratstealertrojan

behavioral2

© 2018-2024

Terms | Privacy