sectoprat | 6590dc32caebdbff8a922f90d5d23aa827192daae79ae398c351404436495143 | Triage

Sharing

General

Target

2024-07-04_dd85c2c2740e9b26ba58d694bc5dfc76_magniber
Size

9.9MB
Sample

240704-a82r7axbpb
MD5

dd85c2c2740e9b26ba58d694bc5dfc76
SHA1

ddd91cb1e481ee9dcf80921875791aff40865a88
SHA256

6590dc32caebdbff8a922f90d5d23aa827192daae79ae398c351404436495143
SHA512

7afee25f7e2f994bd04437ceb27e336c9b380f303c5c0602f437d4fc9845bb9b04320d8c400b6c18c1ef700857af38166218f9e977fa9d1dc31c4cc87212b6e2
SSDEEP

196608:TaetdpmxiHUbVaw5zph8qU9m/zmtseRML2l3hDHaI6HMaJTtGb/ki00Sv5TiK/nR:Gmf+iHoT5P8SzaD8lpiK/YBNENa2

Score

10^/10

sectoprat rat spyware trojan

Malware Config

Targets

- Target
  
  2024-07-04_dd85c2c2740e9b26ba58d694bc5dfc76_magniber
- Size
  
  9.9MB
- MD5
  
  dd85c2c2740e9b26ba58d694bc5dfc76
- SHA1
  
  ddd91cb1e481ee9dcf80921875791aff40865a88
- SHA256
  
  6590dc32caebdbff8a922f90d5d23aa827192daae79ae398c351404436495143
- SHA512
  
  7afee25f7e2f994bd04437ceb27e336c9b380f303c5c0602f437d4fc9845bb9b04320d8c400b6c18c1ef700857af38166218f9e977fa9d1dc31c4cc87212b6e2
- SSDEEP
  
  196608:TaetdpmxiHUbVaw5zph8qU9m/zmtseRML2l3hDHaI6HMaJTtGb/ki00Sv5TiK/nR:Gmf+iHoT5P8SzaD8lpiK/YBNENa2
Score

10^/10

sectoprat rat spyware trojan
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Drops startup file
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

sectopratratspywaretrojan