sectoprat | c4fe8cdeb88bcf53388a069bbb60a3dd49c4a08008c2fa8af0977120c8ddc0a5 | Triage

Submit
Reports

Overview

overview

Static

static

3

cryptolaemus

windows10-2004-x64

3

cryptolaemus

windows11-21h2-x64

Sharing

General

Target

c4fe8cdeb88bcf53388a069bbb60a3dd49c4a08008c2fa8af0977120c8ddc0a5
Size

386KB
Sample

240427-pe7hxaac97
MD5

e9ee25d6346a739ce3778abc33690869
SHA1

27cf4a90bd47c2d41d274ec9ec16f1a7dde6ed01
SHA256

c4fe8cdeb88bcf53388a069bbb60a3dd49c4a08008c2fa8af0977120c8ddc0a5
SHA512

e5d35baed3c0eb5a60717f85c520b940471ae53d9a44e9681a482d62bb420b37fe59ce98a9903c29eb39c2f99550070d22c94fc1d7ddc8ff61e042cc672f9417
SSDEEP

6144:USzVvkBage3IgFEbPijF94P0JK4oivly+5Nicq8mDLKQH8q8am6mW:DZnFEbqBrK7T6ic237X

Score

10^/10

sectoprat stealc discovery rat stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

c4fe8cdeb88bcf53388a069bbb60a3dd49c4a08008c2fa8af0977120c8ddc0a5.exe

Resource

win10v2004-20240419-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral2

Sample

c4fe8cdeb88bcf53388a069bbb60a3dd49c4a08008c2fa8af0977120c8ddc0a5.exe

Resource

win11-20240426-en

sectoprat stealc discovery rat stealer trojan

windows11-21h2-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.111

Attributes

url_path
/f993692117a3fda2.php

Targets

- Target
  
  c4fe8cdeb88bcf53388a069bbb60a3dd49c4a08008c2fa8af0977120c8ddc0a5
- Size
  
  386KB
- MD5
  
  e9ee25d6346a739ce3778abc33690869
- SHA1
  
  27cf4a90bd47c2d41d274ec9ec16f1a7dde6ed01
- SHA256
  
  c4fe8cdeb88bcf53388a069bbb60a3dd49c4a08008c2fa8af0977120c8ddc0a5
- SHA512
  
  e5d35baed3c0eb5a60717f85c520b940471ae53d9a44e9681a482d62bb420b37fe59ce98a9903c29eb39c2f99550070d22c94fc1d7ddc8ff61e042cc672f9417
- SSDEEP
  
  6144:USzVvkBage3IgFEbPijF94P0JK4oivly+5Nicq8mDLKQH8q8am6mW:DZnFEbqBrK7T6ic237X
Score

10^/10

sectoprat stealc discovery rat stealer trojan
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

sectopratstealcdiscoveryratstealertrojan

© 2018-2024

Terms | Privacy