sectoprat | 7e4e22c147699aefae6893ef1e3f78e017bab1f7771ecb823b54b8410a20c47a | Triage

Submit
Reports

Overview

overview

Static

static

3

cryptolaemus

windows10-2004-x64

cryptolaemus

windows11-21h2-x64

Sharing

General

Target

7e4e22c147699aefae6893ef1e3f78e017bab1f7771ecb823b54b8410a20c47a
Size

497KB
Sample

240420-gjjzeaaa95
MD5

fc28619227ead45d524043dea20f7f39
SHA1

13e2de078fc824e4ebfcddf17977f4db789c1959
SHA256

7e4e22c147699aefae6893ef1e3f78e017bab1f7771ecb823b54b8410a20c47a
SHA512

027cec065aeaaedc3071df454745b9d839f4f3cb36d13ca2a8c7ebd65be0332e295706811ae83e5966e1ff3754e2e335212ddfe39181738c4774a10c6f08b18d
SSDEEP

12288:ZxAlJcDZTLLyd81ktNRAZPanQ5kWkc4UV:ZxOQTi+GH6Papc4UV

Score

10^/10

sectoprat stealc rat stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

7e4e22c147699aefae6893ef1e3f78e017bab1f7771ecb823b54b8410a20c47a.exe

Resource

win10v2004-20240412-en

windows10-2004-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

7e4e22c147699aefae6893ef1e3f78e017bab1f7771ecb823b54b8410a20c47a.exe

Resource

win11-20240412-en

sectoprat stealc rat stealer trojan

windows11-21h2-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.209

Attributes

url_path
/3cd2b41cbde8fc9c.php

Targets

- Target
  
  7e4e22c147699aefae6893ef1e3f78e017bab1f7771ecb823b54b8410a20c47a
- Size
  
  497KB
- MD5
  
  fc28619227ead45d524043dea20f7f39
- SHA1
  
  13e2de078fc824e4ebfcddf17977f4db789c1959
- SHA256
  
  7e4e22c147699aefae6893ef1e3f78e017bab1f7771ecb823b54b8410a20c47a
- SHA512
  
  027cec065aeaaedc3071df454745b9d839f4f3cb36d13ca2a8c7ebd65be0332e295706811ae83e5966e1ff3754e2e335212ddfe39181738c4774a10c6f08b18d
- SSDEEP
  
  12288:ZxAlJcDZTLLyd81ktNRAZPanQ5kWkc4UV:ZxOQTi+GH6Papc4UV
Score

10^/10

stealc stealer sectoprat rat trojan
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

sectopratstealcratstealertrojan

© 2018-2024

Terms | Privacy