sectoprat

General

Target

0b1041617a0b6cb63b7746b8e431f3cfcec87200fea880b9e053a20116a31e78
Size

445KB
Sample

240420-snjpzsbh6s
MD5

aa16a9a21d8d8f423f9660b1e98297ff
SHA1

bc943e191e5e6ade5b41f8ebadfda947587db7e1
SHA256

0b1041617a0b6cb63b7746b8e431f3cfcec87200fea880b9e053a20116a31e78
SHA512

15ee2f37f6f792a03bac5960fcd16121c153ea507ccb7fdf63f55893548729be6341cb1413f534a939ecfb7ee224cf2bd1dc7c582b6d020fc3c461c87180a319
SSDEEP

6144:Z9blLakMOxHYjN63y3Fz180hQk13xlBbyffsz34wf3XjQN5P:Z3LaTIHYjNKaFSg13Jbyffs8wPjQN5P

Score

10^/10

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.209

Attributes

url_path
/3cd2b41cbde8fc9c.php

Targets

- Target
  
  0b1041617a0b6cb63b7746b8e431f3cfcec87200fea880b9e053a20116a31e78
- Size
  
  445KB
- MD5
  
  aa16a9a21d8d8f423f9660b1e98297ff
- SHA1
  
  bc943e191e5e6ade5b41f8ebadfda947587db7e1
- SHA256
  
  0b1041617a0b6cb63b7746b8e431f3cfcec87200fea880b9e053a20116a31e78
- SHA512
  
  15ee2f37f6f792a03bac5960fcd16121c153ea507ccb7fdf63f55893548729be6341cb1413f534a939ecfb7ee224cf2bd1dc7c582b6d020fc3c461c87180a319
- SSDEEP
  
  6144:Z9blLakMOxHYjN63y3Fz180hQk13xlBbyffsz34wf3XjQN5P:Z3LaTIHYjNKaFSg13Jbyffs8wPjQN5P
Score

10^/10

stealc stealer sectoprat rat trojan
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

SectopRAT payload

Stealc

Downloads MZ/PE file

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2