sectoprat | cfa3aa39deeb3f6676492660c22c6e47429f8dc19b39310c526528e960aa5541 | Triage

Submit
Reports

Overview

overview

Static

static

1

050bf1667b...e4.exe

windows7-x64

050bf1667b...e4.exe

windows10-2004-x64

Sharing

General

Target

050bf1667b3582ee614153462e676ee4.exe
Size

3.3MB
Sample

240718-pea5psxgkp
MD5

050bf1667b3582ee614153462e676ee4
SHA1

2867882f64330110243f001850c243018f0f831c
SHA256

cfa3aa39deeb3f6676492660c22c6e47429f8dc19b39310c526528e960aa5541
SHA512

49ff898bee46784a161f7d7de1e8b72d8482f11661c6bb552bb4a30993c25891e44940fd47f2e33a8bb289280624d36cdc3b65613b343c957ed4dac97427b9be
SSDEEP

49152:iR/KpmZubPf2S8W2ILeWl+C1t9jWy5Snd0eigXGrHz9FX3G3kGiauKmgBRAD:E/jtYLP1Gy5E0tHz9ppaxBRy

Score

10^/10

sectoprat discovery rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

050bf1667b3582ee614153462e676ee4.exe

Resource

win7-20240708-en

sectoprat discovery rat spyware stealer trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

050bf1667b3582ee614153462e676ee4.exe

Resource

win10v2004-20240709-en

sectoprat discovery rat spyware stealer trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  050bf1667b3582ee614153462e676ee4.exe
- Size
  
  3.3MB
- MD5
  
  050bf1667b3582ee614153462e676ee4
- SHA1
  
  2867882f64330110243f001850c243018f0f831c
- SHA256
  
  cfa3aa39deeb3f6676492660c22c6e47429f8dc19b39310c526528e960aa5541
- SHA512
  
  49ff898bee46784a161f7d7de1e8b72d8482f11661c6bb552bb4a30993c25891e44940fd47f2e33a8bb289280624d36cdc3b65613b343c957ed4dac97427b9be
- SSDEEP
  
  49152:iR/KpmZubPf2S8W2ILeWl+C1t9jWy5Snd0eigXGrHz9FX3G3kGiauKmgBRAD:E/jtYLP1Gy5E0tHz9ppaxBRy
Score

10^/10

sectoprat discovery rat spyware stealer trojan
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

sectopratdiscoveryratspywarestealertrojan

behavioral2

sectopratdiscoveryratspywarestealertrojan

© 2018-2024

Terms | Privacy