sectoprat | fa0b3328dda7aa7e953780fc8b6be127f747fc778f0bd3f0a2e885402c1c481e | Triage

Sharing

General

Target

164.zip
Size

67.3MB
Sample

240517-qcva8sac2y
MD5

3e4f9eab6576f7262ecb93e395757b28
SHA1

d3cb8cd0ad0da03914553b8ec7626780f69703a5
SHA256

fa0b3328dda7aa7e953780fc8b6be127f747fc778f0bd3f0a2e885402c1c481e
SHA512

05c60630a96c046a0a0644404dd7be07563055104648a60d55dba0ccc01e97c0c958fc63225007ee63ec0d3df7d8f8d62807288dabce1c036b040900668f1dae
SSDEEP

1572864:vfEN10yY9MJB6MxjUg2sNgw0/HFnQPwKwtIGks8BU1NtLv/t/ot9:XE/0yYKv6MXBN10/HKPwKqwgtLXSt9

Score

10^/10

sectoprat execution rat spyware trojan

Malware Config

Targets

- Target
  
  164/setup164.exe
- Size
  
  32KB
- MD5
  
  2b8b61308a4482526a259ccab970bfd6
- SHA1
  
  b41513afc20d492b556eb2f0ed2bd3af9e7b496c
- SHA256
  
  09ad227263cf701b1ee840b6744be44e1bf2478073c20b5dfc8dd29fecade71b
- SHA512
  
  b88a63c46062d3c6a608bc650d82a4b7e69e284a72655de6e5249060acba9a566287256b80afd0197ed6f903a9bf19c6e5c4565bb5bdb1bb4cfd64281bdb6324
- SSDEEP
  
  384:7oI1gYZw33FUWUcC6TBhdsDgZH4o5NEvdlcn0ScPmPn0Avsl9EPg/s4Xsn+KvHKj:j7Zw33FNUf6Nhd/fQ1l+0vM0iT9
Score

10^/10

sectoprat execution rat spyware trojan
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

sectopratexecutionratspywaretrojan

behavioral2

executionspyware

behavioral3

executionspyware

behavioral4