Overview

overview

10

Static

static

1

b791f566ac...ec.exe

windows7-x64

10

b791f566ac...ec.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b791f566ac178a53e80d08a3aad7b3b2d2dc762cc084e19d0fdc28c9d12473ec.exe

  • Size

    6.5MB

  • Sample

    240720-npwnqayeqp

  • MD5

    9286844b73ccb48854e1a603cd32a39d

  • SHA1

    6919e99ed913abd39b377b875dba690b34e1ab65

  • SHA256

    b791f566ac178a53e80d08a3aad7b3b2d2dc762cc084e19d0fdc28c9d12473ec

  • SHA512

    e4bbb50e8e7098c3b33c1885afcd514084142f15c229ab9bbdb3cf873621fd9b8b560338379b3970be9a3c8ec93ea6441578dce7080c879c2c8761618159ba52

  • SSDEEP

    98304:z/KaPjsr/EC+VfUyHEA+R1bByG+H1iV9RLafmbByG+H1iV9YbByG+H1iV9JT4o+x:Njsr/E/Vdy19k1iN39k1iU9k1iNfqOU

Score
10/10
sectopratpersistencerattrojan

Malware Config

Targets

    • Target

      b791f566ac178a53e80d08a3aad7b3b2d2dc762cc084e19d0fdc28c9d12473ec.exe

    • Size

      6.5MB

    • MD5

      9286844b73ccb48854e1a603cd32a39d

    • SHA1

      6919e99ed913abd39b377b875dba690b34e1ab65

    • SHA256

      b791f566ac178a53e80d08a3aad7b3b2d2dc762cc084e19d0fdc28c9d12473ec

    • SHA512

      e4bbb50e8e7098c3b33c1885afcd514084142f15c229ab9bbdb3cf873621fd9b8b560338379b3970be9a3c8ec93ea6441578dce7080c879c2c8761618159ba52

    • SSDEEP

      98304:z/KaPjsr/EC+VfUyHEA+R1bByG+H1iV9RLafmbByG+H1iV9YbByG+H1iV9JT4o+x:Njsr/E/Vdy19k1iN39k1iU9k1iNfqOU

    Score
    10/10
    sectopratpersistencerattrojan

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

      trojanratsectoprat

    • SectopRAT payload

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks