sectoprat | 0fdd48b7ab83a5aa1597a4a96de96f782131515b29b84dc7b226f54525a6aeb1 | Triage

Submit
Reports

Overview

overview

Static

static

3

cryptolaemus

windows10-2004-x64

cryptolaemus

windows11-21h2-x64

Sharing

General

Target

0fdd48b7ab83a5aa1597a4a96de96f782131515b29b84dc7b226f54525a6aeb1
Size

411KB
Sample

240425-lt52vahe8z
MD5

cfa7711209f5912da9e7395c673c41f6
SHA1

cc59c17cca1fb84a9e50fffe02af3653d5d81941
SHA256

0fdd48b7ab83a5aa1597a4a96de96f782131515b29b84dc7b226f54525a6aeb1
SHA512

e35a1afe98c52f2f4be644e3a599cf4fbfba2eb0958654973f9acc01a83b6d1a3d3e654260179da8921674af15ee7a39628d0216beed414b78cd6c0fc4d53a9d
SSDEEP

6144:I+x1ShTyz9EqOq21LVVb7ZpK2FoICp+fGqhDbSe8Lbp779ZLzW6a:9xo2X2xV1ZpKJICpZqR2bdhc6a

Score

10^/10

sectoprat stealc zgrat rat stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

0fdd48b7ab83a5aa1597a4a96de96f782131515b29b84dc7b226f54525a6aeb1.exe

Resource

win10v2004-20240412-en

sectoprat stealc zgrat rat stealer trojan

windows10-2004-x64

20 signatures

150 seconds

Behavioral task

behavioral2

Sample

0fdd48b7ab83a5aa1597a4a96de96f782131515b29b84dc7b226f54525a6aeb1.exe

Resource

win11-20240412-en

windows11-21h2-x64

0 signatures

150 seconds

Malware Config

Targets

- Target
  
  0fdd48b7ab83a5aa1597a4a96de96f782131515b29b84dc7b226f54525a6aeb1
- Size
  
  411KB
- MD5
  
  cfa7711209f5912da9e7395c673c41f6
- SHA1
  
  cc59c17cca1fb84a9e50fffe02af3653d5d81941
- SHA256
  
  0fdd48b7ab83a5aa1597a4a96de96f782131515b29b84dc7b226f54525a6aeb1
- SHA512
  
  e35a1afe98c52f2f4be644e3a599cf4fbfba2eb0958654973f9acc01a83b6d1a3d3e654260179da8921674af15ee7a39628d0216beed414b78cd6c0fc4d53a9d
- SSDEEP
  
  6144:I+x1ShTyz9EqOq21LVVb7ZpK2FoICp+fGqhDbSe8Lbp779ZLzW6a:9xo2X2xV1ZpKJICpZqR2bdhc6a
Score

10^/10

sectoprat stealc zgrat rat stealer trojan
- Detect ZGRat V1
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

sectopratstealczgratratstealertrojan

behavioral2

© 2018-2024

Terms | Privacy