sectoprat | 51e94d549fea3488fb890e3411191a8c6233051ac0ad74ecad330095983d2271 | Triage

Submit
Reports

Overview

overview

Static

static

3

cryptolaemus

windows10-2004-x64

cryptolaemus

windows11-21h2-x64

Sharing

General

Target

51e94d549fea3488fb890e3411191a8c6233051ac0ad74ecad330095983d2271
Size

411KB
Sample

240425-ltnskahe85
MD5

c29446e707ee153977b82e9a51800021
SHA1

e07ce115e4d3fb9806ef53e6e263cf0b1619f101
SHA256

51e94d549fea3488fb890e3411191a8c6233051ac0ad74ecad330095983d2271
SHA512

1584e578dc2b626a10a54925194e5103809d6afef356aacbb636b3d6b1386d1322b2a0b0c03be7c888fc1cec048957801df707dd4a437035eabde0fc3ea02d38
SSDEEP

6144:I+x1ShTyz9EqOq21LVVb7ZpK2FoICp+fGqhDbSe8Lbp779ZLzW6:9xo2X2xV1ZpKJICpZqR2bdhc6

Score

10^/10

sectoprat stealc rat stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

51e94d549fea3488fb890e3411191a8c6233051ac0ad74ecad330095983d2271.exe

Resource

win10v2004-20240412-en

sectoprat stealc rat stealer trojan

windows10-2004-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

51e94d549fea3488fb890e3411191a8c6233051ac0ad74ecad330095983d2271.exe

Resource

win11-20240412-en

sectoprat stealc rat stealer trojan

windows11-21h2-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  51e94d549fea3488fb890e3411191a8c6233051ac0ad74ecad330095983d2271
- Size
  
  411KB
- MD5
  
  c29446e707ee153977b82e9a51800021
- SHA1
  
  e07ce115e4d3fb9806ef53e6e263cf0b1619f101
- SHA256
  
  51e94d549fea3488fb890e3411191a8c6233051ac0ad74ecad330095983d2271
- SHA512
  
  1584e578dc2b626a10a54925194e5103809d6afef356aacbb636b3d6b1386d1322b2a0b0c03be7c888fc1cec048957801df707dd4a437035eabde0fc3ea02d38
- SSDEEP
  
  6144:I+x1ShTyz9EqOq21LVVb7ZpK2FoICp+fGqhDbSe8Lbp779ZLzW6:9xo2X2xV1ZpKJICpZqR2bdhc6
Score

10^/10

sectoprat stealc rat stealer trojan
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

sectopratstealcratstealertrojan

behavioral2

sectopratstealcratstealertrojan

© 2018-2024

Terms | Privacy