sectoprat

General

Target

pdScript.exe
Size

3.2MB
Sample

240702-wqy48svbmd
MD5

d464091627b9892b52f3f62fa3a03264
SHA1

85617122af6e94afada156fbe577bc59ca9dca8f
SHA256

de2b6a281000101e51a1848ea5ae9526355d749ca8095b25ce0b43b8641d4a63
SHA512

290bbe3de0051f9c29049fedf259cf3cb4d1b3015c468e7d5e93cbee11534f1f920b18b49363864d3f367590ec7342ba800cd988ac98db081271c3b76726e21c
SSDEEP

49152:NI9+2qYtQ/Rg2ECNUg2I7wUpEroPeeegawQTCIyVM8OoJNY:Sg21t0q2ECNURoPblawXIyXOoc

Score

10^/10

Malware Config

Targets

- Target
  
  pdScript.exe
- Size
  
  3.2MB
- MD5
  
  d464091627b9892b52f3f62fa3a03264
- SHA1
  
  85617122af6e94afada156fbe577bc59ca9dca8f
- SHA256
  
  de2b6a281000101e51a1848ea5ae9526355d749ca8095b25ce0b43b8641d4a63
- SHA512
  
  290bbe3de0051f9c29049fedf259cf3cb4d1b3015c468e7d5e93cbee11534f1f920b18b49363864d3f367590ec7342ba800cd988ac98db081271c3b76726e21c
- SSDEEP
  
  49152:NI9+2qYtQ/Rg2ECNUg2I7wUpEroPeeegawQTCIyVM8OoJNY:Sg21t0q2ECNURoPblawXIyXOoc
Score

10^/10

sectoprat rat trojan
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Executes dropped EXE
- Loads dropped DLL
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

SectopRAT payload

Executes dropped EXE

Loads dropped DLL

Blocklisted process makes network request

Enumerates connected drives

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3