sectoprat | b791f566ac178a53e80d08a3aad7b3b2d2dc762cc084e19d0fdc28c9d12473ec | Triage

Submit
Reports

Overview

overview

Static

static

1

b791f566ac...ec.exe

windows7-x64

b791f566ac...ec.exe

windows10-2004-x64

Sharing

General

Target

b791f566ac178a53e80d08a3aad7b3b2d2dc762cc084e19d0fdc28c9d12473ec.exe
Size

6.5MB
Sample

240719-jlz5hstana
MD5

9286844b73ccb48854e1a603cd32a39d
SHA1

6919e99ed913abd39b377b875dba690b34e1ab65
SHA256

b791f566ac178a53e80d08a3aad7b3b2d2dc762cc084e19d0fdc28c9d12473ec
SHA512

e4bbb50e8e7098c3b33c1885afcd514084142f15c229ab9bbdb3cf873621fd9b8b560338379b3970be9a3c8ec93ea6441578dce7080c879c2c8761618159ba52
SSDEEP

98304:z/KaPjsr/EC+VfUyHEA+R1bByG+H1iV9RLafmbByG+H1iV9YbByG+H1iV9JT4o+x:Njsr/E/Vdy19k1iN39k1iU9k1iNfqOU

Score

10^/10

sectoprat persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

b791f566ac178a53e80d08a3aad7b3b2d2dc762cc084e19d0fdc28c9d12473ec.exe

Resource

win7-20240704-en

sectoprat persistence rat trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

b791f566ac178a53e80d08a3aad7b3b2d2dc762cc084e19d0fdc28c9d12473ec.exe

Resource

win10v2004-20240709-en

sectoprat persistence rat trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  b791f566ac178a53e80d08a3aad7b3b2d2dc762cc084e19d0fdc28c9d12473ec.exe
- Size
  
  6.5MB
- MD5
  
  9286844b73ccb48854e1a603cd32a39d
- SHA1
  
  6919e99ed913abd39b377b875dba690b34e1ab65
- SHA256
  
  b791f566ac178a53e80d08a3aad7b3b2d2dc762cc084e19d0fdc28c9d12473ec
- SHA512
  
  e4bbb50e8e7098c3b33c1885afcd514084142f15c229ab9bbdb3cf873621fd9b8b560338379b3970be9a3c8ec93ea6441578dce7080c879c2c8761618159ba52
- SSDEEP
  
  98304:z/KaPjsr/EC+VfUyHEA+R1bByG+H1iV9RLafmbByG+H1iV9YbByG+H1iV9JT4o+x:Njsr/E/Vdy19k1iN39k1iU9k1iNfqOU
Score

10^/10

sectoprat persistence rat trojan
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

sectopratpersistencerattrojan

behavioral2

sectopratpersistencerattrojan

© 2018-2024

Terms | Privacy