sectoprat | 78eea64a981219170ff45c927d11747c4c4d0f2baf0ebccef02e4fa82ea15007 | Triage

Sharing

General

Target

SetupSuite_2024.24230_win64.exe
Size

18.4MB
Sample

240521-zz2hhaae53
MD5

94dc7cce9cd15f55fb3f289bd723f567
SHA1

5487cd6f476b90b544754f017329d9894d6513e3
SHA256

78eea64a981219170ff45c927d11747c4c4d0f2baf0ebccef02e4fa82ea15007
SHA512

3760f2e225e7919bd4f3a2a9cd0e5eead3cc409c6f44eaa3d7a44fe2639de749f0640b19b8997ac53679c5b824c05d6d5ae3b9105c0c63efbc1cecda345d28cb
SSDEEP

393216:GZRCQ9WLcKS1wNLH04sjYyQ0KSW9MoEvwyhWgJcgtE6W:ioQHargYyWSpvwPgJc4xW

Score

10^/10

sectoprat execution rat spyware trojan

Malware Config

Targets

- Target
  
  SetupSuite_2024.24230_win64.exe
- Size
  
  18.4MB
- MD5
  
  94dc7cce9cd15f55fb3f289bd723f567
- SHA1
  
  5487cd6f476b90b544754f017329d9894d6513e3
- SHA256
  
  78eea64a981219170ff45c927d11747c4c4d0f2baf0ebccef02e4fa82ea15007
- SHA512
  
  3760f2e225e7919bd4f3a2a9cd0e5eead3cc409c6f44eaa3d7a44fe2639de749f0640b19b8997ac53679c5b824c05d6d5ae3b9105c0c63efbc1cecda345d28cb
- SSDEEP
  
  393216:GZRCQ9WLcKS1wNLH04sjYyQ0KSW9MoEvwyhWgJcgtE6W:ioQHargYyWSpvwPgJc4xW
Score

10^/10

sectoprat execution rat spyware trojan
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sectopratexecutionratspywaretrojan