sectoprat | HMC[.]exe | Triage

Sharing

General

Target

HMC.exe
Size

3.0MB
MD5

6e4727684bbce2a7e6ce6824792c5cd8
SHA1

d20e40c0e81476dbecdbe859931a25d279fc055e
SHA256

3c0d3ca35dcf977eade9897106a46ae8def8d1eecd757cc07e31bd13b00d2198
SHA512

5c55bda7008c5c54c8122e7934c3ef0f70325138a4fbff4201d430fccac13d4ade2b9be8aa86e1b8969bc26f84303d2ccb1a20cd1980ba7a85013d37a0024200
SSDEEP

24576:fVsQ6BKfC+CWDU2fy6Uuri8MmOmbCYUz7PH8Zeaj0HM3ow5Xty:fVeBB2kMOnYUvPb

Score

10^/10

sectoprat redline

Malware Config

Signatures

Redline family
redline
SectopRAT payload 1 IoCs

Processes:

resource yara_rule

sample family_sectoprat
Sectoprat family
sectoprat
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

HMC.exe

Files

HMC.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 300KB - Virtual size: 299KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ