sectoprat | 53167ba94a450f8bcda36276b9d53687b52ec8852dff3397ba64f6efbfd4ec0e | Triage

Submit
Reports

Overview

overview

Static

static

3

cryptolaemus

windows10-2004-x64

cryptolaemus

windows11-21h2-x64

Sharing

General

Target

53167ba94a450f8bcda36276b9d53687b52ec8852dff3397ba64f6efbfd4ec0e
Size

497KB
Sample

240420-kdkwasdb9v
MD5

dedd4ef7176809952c6b5b2492d4a972
SHA1

770537e96bfbe3e2dc352af8dfe6edb8a8c971bd
SHA256

53167ba94a450f8bcda36276b9d53687b52ec8852dff3397ba64f6efbfd4ec0e
SHA512

189ff05c388569af1ea5f871a16ef8fdb332a1c5f04c04b2e8079560ea195fa61ec25f85bb4f793c7d89f0acdee54f77531ff02acaf728b6677e00a0fcbfbd41
SSDEEP

12288:coIUKt8Ot1lyFLHoOPBvORzF38IjI1GCL7YdnLZjQ/4:coU8Ot1lyFLHoOxR0I1GGYdLZjy4

Score

10^/10

sectoprat stealc rat stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

53167ba94a450f8bcda36276b9d53687b52ec8852dff3397ba64f6efbfd4ec0e.exe

Resource

win10v2004-20240412-en

windows10-2004-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

53167ba94a450f8bcda36276b9d53687b52ec8852dff3397ba64f6efbfd4ec0e.exe

Resource

win11-20240412-en

sectoprat stealc rat stealer trojan

windows11-21h2-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.209

Attributes

url_path
/3cd2b41cbde8fc9c.php

Targets

- Target
  
  53167ba94a450f8bcda36276b9d53687b52ec8852dff3397ba64f6efbfd4ec0e
- Size
  
  497KB
- MD5
  
  dedd4ef7176809952c6b5b2492d4a972
- SHA1
  
  770537e96bfbe3e2dc352af8dfe6edb8a8c971bd
- SHA256
  
  53167ba94a450f8bcda36276b9d53687b52ec8852dff3397ba64f6efbfd4ec0e
- SHA512
  
  189ff05c388569af1ea5f871a16ef8fdb332a1c5f04c04b2e8079560ea195fa61ec25f85bb4f793c7d89f0acdee54f77531ff02acaf728b6677e00a0fcbfbd41
- SSDEEP
  
  12288:coIUKt8Ot1lyFLHoOPBvORzF38IjI1GCL7YdnLZjQ/4:coU8Ot1lyFLHoOxR0I1GGYdLZjy4
Score

10^/10

stealc stealer sectoprat rat trojan
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

sectopratstealcratstealertrojan

© 2018-2024

Terms | Privacy