sectoprat

General

Target

373b0bc34285eb0ffab186720136f6d1aee5573875afb13869f76d484e5b2a86.exe
Size

452KB
Sample

240428-blxemacf92
MD5

b18f735662f85ad0b563af4149ca6f7b
SHA1

90664a470de69c00b53e348a5c657f630ae7863d
SHA256

373b0bc34285eb0ffab186720136f6d1aee5573875afb13869f76d484e5b2a86
SHA512

79271742d91f04a3bb270058ecf3dd503f32c38a96be9db8a2d50479ed75c63179cb5aabaace243b2d5552809ebdeeac2c01b3f54ae31230f32c6432f8207d19
SSDEEP

6144:yqLtuGCSTaLZ4Bz5iNrmY4+wqKKxsnF4rclsMoSkRywnQts4lY:yWtrlXI14qdxsn7T14N4lY

Score

10^/10

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.62

Attributes

url_path
/902e53a07830e030.php

Targets

- Target
  
  373b0bc34285eb0ffab186720136f6d1aee5573875afb13869f76d484e5b2a86.exe
- Size
  
  452KB
- MD5
  
  b18f735662f85ad0b563af4149ca6f7b
- SHA1
  
  90664a470de69c00b53e348a5c657f630ae7863d
- SHA256
  
  373b0bc34285eb0ffab186720136f6d1aee5573875afb13869f76d484e5b2a86
- SHA512
  
  79271742d91f04a3bb270058ecf3dd503f32c38a96be9db8a2d50479ed75c63179cb5aabaace243b2d5552809ebdeeac2c01b3f54ae31230f32c6432f8207d19
- SSDEEP
  
  6144:yqLtuGCSTaLZ4Bz5iNrmY4+wqKKxsnF4rclsMoSkRywnQts4lY:yWtrlXI14qdxsn7T14N4lY
Score

10^/10

sectoprat stealc zgrat discovery rat spyware stealer trojan
- Detect ZGRat V1
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Detect binaries embedding considerable number of MFA browser extension IDs.
- Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs.
- Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
- Detects encrypted or obfuscated .NET executables
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2