sectoprat | 6c7cd54af0c18dbfec568bf5622658386fd9244426712bcbb2a6d72dda023180 | Triage

Submit
Reports

Overview

overview

Static

static

3

cryptolaemus

windows10-2004-x64

cryptolaemus

windows11-21h2-x64

3

Sharing

General

Target

6c7cd54af0c18dbfec568bf5622658386fd9244426712bcbb2a6d72dda023180
Size

394KB
Sample

240427-kfas4sfd9z
MD5

a84998364e4dc723cede32e644f0e82c
SHA1

b009c49a5467c75f833146ceb5ee41a891c7c637
SHA256

6c7cd54af0c18dbfec568bf5622658386fd9244426712bcbb2a6d72dda023180
SHA512

2ac396fffa165a8155e6e615017082a428d02aaa2e5d62d28b4a59847d76d45e06545657b3a97338bec9d29edf093597a2128a1b599446d02b871b086b12d812
SSDEEP

6144:sCkJFI6R8nSacs8foP5sn/3UufI5MhBECEwXG6L9FHUGEM62:sCeLR/acs4oY+5MhfhV9FL

Score

10^/10

sectoprat stealc discovery rat stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

6c7cd54af0c18dbfec568bf5622658386fd9244426712bcbb2a6d72dda023180.exe

Resource

win10v2004-20240426-en

sectoprat stealc discovery rat stealer trojan

windows10-2004-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

6c7cd54af0c18dbfec568bf5622658386fd9244426712bcbb2a6d72dda023180.exe

Resource

win11-20240419-en

windows11-21h2-x64

1 signatures

150 seconds

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.111

Attributes

url_path
/f993692117a3fda2.php

Targets

- Target
  
  6c7cd54af0c18dbfec568bf5622658386fd9244426712bcbb2a6d72dda023180
- Size
  
  394KB
- MD5
  
  a84998364e4dc723cede32e644f0e82c
- SHA1
  
  b009c49a5467c75f833146ceb5ee41a891c7c637
- SHA256
  
  6c7cd54af0c18dbfec568bf5622658386fd9244426712bcbb2a6d72dda023180
- SHA512
  
  2ac396fffa165a8155e6e615017082a428d02aaa2e5d62d28b4a59847d76d45e06545657b3a97338bec9d29edf093597a2128a1b599446d02b871b086b12d812
- SSDEEP
  
  6144:sCkJFI6R8nSacs8foP5sn/3UufI5MhBECEwXG6L9FHUGEM62:sCeLR/acs4oY+5MhfhV9FL
Score

10^/10

sectoprat stealc discovery rat stealer trojan
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

sectopratstealcdiscoveryratstealertrojan

behavioral2

© 2018-2024

Terms | Privacy