sectoprat | d15e9213de12bd59d8c28d96e76b73d8c5c3eda4aade9028fc9c1e28a7dccc32 | Triage

Submit
Reports

Overview

overview

Static

static

3

cryptolaemus

windows10-2004-x64

cryptolaemus

windows11-21h2-x64

Sharing

General

Target

d15e9213de12bd59d8c28d96e76b73d8c5c3eda4aade9028fc9c1e28a7dccc32
Size

411KB
Sample

240425-lwzb3she91
MD5

7ceccb5c47e2fc2dd9b2fdad41c16935
SHA1

0ba4733ca7f1a529eb99245ad349aab597013e36
SHA256

d15e9213de12bd59d8c28d96e76b73d8c5c3eda4aade9028fc9c1e28a7dccc32
SHA512

c5d507aecf1c0eb339bd36d9562aa3bb8405bf08131a5e60b8befecf09f8d71af46394140c690e72fd220d91d66655eebb4c50b6d0c72a5dd9c348081cb17e7a
SSDEEP

6144:I+x1ShTyz9EqOq21LVVb7ZpK2FoICp+fGqhDbSe8Lbp779ZLzW6V:9xo2X2xV1ZpKJICpZqR2bdhc6V

Score

10^/10

sectoprat stealc zgrat rat stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d15e9213de12bd59d8c28d96e76b73d8c5c3eda4aade9028fc9c1e28a7dccc32.exe

Resource

win10v2004-20240412-en

sectoprat stealc zgrat rat stealer trojan

windows10-2004-x64

20 signatures

150 seconds

Behavioral task

behavioral2

Sample

d15e9213de12bd59d8c28d96e76b73d8c5c3eda4aade9028fc9c1e28a7dccc32.exe

Resource

win11-20240412-en

sectoprat stealc zgrat rat stealer trojan

windows11-21h2-x64

19 signatures

150 seconds

Malware Config

Targets

- Target
  
  d15e9213de12bd59d8c28d96e76b73d8c5c3eda4aade9028fc9c1e28a7dccc32
- Size
  
  411KB
- MD5
  
  7ceccb5c47e2fc2dd9b2fdad41c16935
- SHA1
  
  0ba4733ca7f1a529eb99245ad349aab597013e36
- SHA256
  
  d15e9213de12bd59d8c28d96e76b73d8c5c3eda4aade9028fc9c1e28a7dccc32
- SHA512
  
  c5d507aecf1c0eb339bd36d9562aa3bb8405bf08131a5e60b8befecf09f8d71af46394140c690e72fd220d91d66655eebb4c50b6d0c72a5dd9c348081cb17e7a
- SSDEEP
  
  6144:I+x1ShTyz9EqOq21LVVb7ZpK2FoICp+fGqhDbSe8Lbp779ZLzW6V:9xo2X2xV1ZpKJICpZqR2bdhc6V
Score

10^/10

sectoprat stealc zgrat rat stealer trojan
- Detect ZGRat V1
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

sectopratstealczgratratstealertrojan

behavioral2

sectopratstealczgratratstealertrojan

© 2018-2024

Terms | Privacy