sectoprat | 549ff34af878b82f3b30e53410389420e0fedc14708d408f1ccb561b85660775 | Triage

Submit
Reports

Overview

overview

Static

static

7f386e5780...81.exe

windows7-x64

7f386e5780...81.exe

windows10-2004-x64

Sharing

General

Target

17502930540.zip
Size

427KB
Sample

240531-wn7nlaga3y
MD5

0770576a4cc71f46369f1c800d9e39f2
SHA1

d045a2b2733f930e91f30f94ed56f59086893dba
SHA256

549ff34af878b82f3b30e53410389420e0fedc14708d408f1ccb561b85660775
SHA512

bc843d433fe816a546d6aab08ca2bb41577f48278c2714f2d152ca7dddee6e428561d226a193cdaf04a89360808384a3582675b9c2cc83fe9e8f3c42e5ead76d
SSDEEP

6144:p+JXlRdQh8eevZTIJ65v27zqqEzdYsvPzd3Bg5vMMfVS2qrXgh1Ieg4Zk78d01wj:s1lBeexcKcsRvPzzgeQVCrYId4ZSi0Ti

Score

10^/10

sectoprat discovery rat spyware stealer trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

7f386e57807f0c2d48b0b33f35e6baf50ba5ee8b000bbd7b4bdd454cedc9ae81.exe

Resource

win7-20240221-en

sectoprat discovery rat spyware stealer trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

7f386e57807f0c2d48b0b33f35e6baf50ba5ee8b000bbd7b4bdd454cedc9ae81.exe

Resource

win10v2004-20240508-en

sectoprat discovery rat spyware stealer trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  7f386e57807f0c2d48b0b33f35e6baf50ba5ee8b000bbd7b4bdd454cedc9ae81
- Size
  
  768KB
- MD5
  
  ad3d3124026a6a9c8017b57bc71ba72c
- SHA1
  
  387657e93af3c08e74fe35a2e7c9fc34c8c5b734
- SHA256
  
  7f386e57807f0c2d48b0b33f35e6baf50ba5ee8b000bbd7b4bdd454cedc9ae81
- SHA512
  
  7d5e1ace6fc184df2ad96dfaddf270f9191b80d67da60296fba17d49d9b2fb3f48a608cc919a43d53c512978722460adcfa7fee2669a6083cefc5888b46f1e6e
- SSDEEP
  
  12288:bvsXZv8km0OHcbGbvzWHz0HnquwTy+g0ssFWylkkoAbtEjQwfNqbYS2VbICKMIUb:EfPz0HILg0ssFlSj4nm
Score

10^/10

sectoprat discovery rat spyware stealer trojan
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

sectopratdiscoveryratspywarestealertrojan

behavioral2

sectopratdiscoveryratspywarestealertrojan

© 2018-2024

Terms | Privacy