sectoprat | ceef57823876da46bbaf97cd3cf3c310be389f737bb55dbdb4f2305fa09594b7 | Triage

Submit
Reports

Overview

overview

Static

static

3

cryptolaemus

windows10-2004-x64

3

cryptolaemus

windows11-21h2-x64

Sharing

General

Target

ceef57823876da46bbaf97cd3cf3c310be389f737bb55dbdb4f2305fa09594b7
Size

394KB
Sample

240427-kgdamafe4s
MD5

63f06615184f6df9cbde4673782a7f44
SHA1

143adb5ab302028d9d68f207e8c422e7d4ecbbab
SHA256

ceef57823876da46bbaf97cd3cf3c310be389f737bb55dbdb4f2305fa09594b7
SHA512

272bc9cec6a6a5d3fb725dc9d57ecfb06d8c04e0035b2d4417320a82077ae73aa2048b01bf8d7672e5a06b41c40054110143574cca11656b91af8adf1bb07740
SSDEEP

6144:sCkJFI6R8nSacs8foP5sn/3UufI5MhBECEwXG6L9FHUGEM62K:sCeLR/acs4oY+5MhfhV9FLK

Score

10^/10

sectoprat stealc zgrat rat stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ceef57823876da46bbaf97cd3cf3c310be389f737bb55dbdb4f2305fa09594b7.exe

Resource

win10v2004-20240419-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral2

Sample

ceef57823876da46bbaf97cd3cf3c310be389f737bb55dbdb4f2305fa09594b7.exe

Resource

win11-20240426-en

sectoprat stealc zgrat rat stealer trojan

windows11-21h2-x64

19 signatures

150 seconds

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.76

Attributes

url_path
/3cd2b41cbde8fc9c.php

Targets

- Target
  
  ceef57823876da46bbaf97cd3cf3c310be389f737bb55dbdb4f2305fa09594b7
- Size
  
  394KB
- MD5
  
  63f06615184f6df9cbde4673782a7f44
- SHA1
  
  143adb5ab302028d9d68f207e8c422e7d4ecbbab
- SHA256
  
  ceef57823876da46bbaf97cd3cf3c310be389f737bb55dbdb4f2305fa09594b7
- SHA512
  
  272bc9cec6a6a5d3fb725dc9d57ecfb06d8c04e0035b2d4417320a82077ae73aa2048b01bf8d7672e5a06b41c40054110143574cca11656b91af8adf1bb07740
- SSDEEP
  
  6144:sCkJFI6R8nSacs8foP5sn/3UufI5MhBECEwXG6L9FHUGEM62K:sCeLR/acs4oY+5MhfhV9FLK
Score

10^/10

sectoprat stealc zgrat rat stealer trojan
- Detect ZGRat V1
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

sectopratstealczgratratstealertrojan

© 2018-2024

Terms | Privacy