sectoprat | b7ef70fd636ee48e1a9cce3dff496d6835c86891478c8d1a1e5146200728a148 | Triage

Submit
Reports

Overview

overview

Static

static

3

cryptolaemus

windows10-2004-x64

cryptolaemus

windows11-21h2-x64

Sharing

General

Target

b7ef70fd636ee48e1a9cce3dff496d6835c86891478c8d1a1e5146200728a148
Size

497KB
Sample

240420-jcnp5abf82
MD5

255506cd3bf7204a2c0d3d2f7de4935b
SHA1

d51417e6828fba48d15750f458fcdeca260dd08e
SHA256

b7ef70fd636ee48e1a9cce3dff496d6835c86891478c8d1a1e5146200728a148
SHA512

8305febe9fb663a444231eee6636330bcbd577d8c697dd3a06a63b1c8e1cd18eb5a878935572d2441d2a4026250ae73b42fa3f65dcc93c4723e664e1a7e79d86
SSDEEP

12288:ZUw+RcJ4nTC26EllW11cZkUAbDnHz/dA14Tqa:ZUpFTHrXW93T/O4ua

Score

10^/10

sectoprat stealc rat stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

b7ef70fd636ee48e1a9cce3dff496d6835c86891478c8d1a1e5146200728a148.exe

Resource

win10v2004-20240412-en

sectoprat stealc rat stealer trojan

windows10-2004-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

b7ef70fd636ee48e1a9cce3dff496d6835c86891478c8d1a1e5146200728a148.exe

Resource

win11-20240412-en

windows11-21h2-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.209

Attributes

url_path
/3cd2b41cbde8fc9c.php

Targets

- Target
  
  b7ef70fd636ee48e1a9cce3dff496d6835c86891478c8d1a1e5146200728a148
- Size
  
  497KB
- MD5
  
  255506cd3bf7204a2c0d3d2f7de4935b
- SHA1
  
  d51417e6828fba48d15750f458fcdeca260dd08e
- SHA256
  
  b7ef70fd636ee48e1a9cce3dff496d6835c86891478c8d1a1e5146200728a148
- SHA512
  
  8305febe9fb663a444231eee6636330bcbd577d8c697dd3a06a63b1c8e1cd18eb5a878935572d2441d2a4026250ae73b42fa3f65dcc93c4723e664e1a7e79d86
- SSDEEP
  
  12288:ZUw+RcJ4nTC26EllW11cZkUAbDnHz/dA14Tqa:ZUpFTHrXW93T/O4ua
Score

10^/10

sectoprat stealc rat stealer trojan
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

sectopratstealcratstealertrojan

behavioral2

© 2018-2024

Terms | Privacy