sectoprat | c0548aad351aff17865b157dd1656f4f5a6c039aba4e0bb03810382730e860ef | Triage

Submit
Reports

Overview

overview

Static

static

7

7984795034...18.exe

windows7-x64

7984795034...18.exe

windows10-2004-x64

Sharing

General

Target

7984795034356e98ee58d8dc22528b37_JaffaCakes118
Size

2.7MB
Sample

240730-wrtadawcra
MD5

7984795034356e98ee58d8dc22528b37
SHA1

59f6121fa70794c5db6876681eab7884f85f2a65
SHA256

c0548aad351aff17865b157dd1656f4f5a6c039aba4e0bb03810382730e860ef
SHA512

1776ff7c5ad9b4111a4bc187e52e595b1215d8e5b61af2e64ebcc193ed0690f9c5524dc2d9d6afffbf65bff1bf9a1a0428749f0ee9ea7e1962e90d9efe801161
SSDEEP

49152:OPwJWVpV90FiuOVP7z6s375OZusxqik2bJRiAJV6aSaoo:OYJSr26jL5OgqqQjYr

Score

10^/10

sectoprat discovery evasion rat themida trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

7984795034356e98ee58d8dc22528b37_JaffaCakes118.exe

Resource

win7-20240708-en

sectoprat discovery evasion rat themida trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

7984795034356e98ee58d8dc22528b37_JaffaCakes118.exe

Resource

win10v2004-20240730-en

sectoprat discovery evasion rat themida trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  7984795034356e98ee58d8dc22528b37_JaffaCakes118
- Size
  
  2.7MB
- MD5
  
  7984795034356e98ee58d8dc22528b37
- SHA1
  
  59f6121fa70794c5db6876681eab7884f85f2a65
- SHA256
  
  c0548aad351aff17865b157dd1656f4f5a6c039aba4e0bb03810382730e860ef
- SHA512
  
  1776ff7c5ad9b4111a4bc187e52e595b1215d8e5b61af2e64ebcc193ed0690f9c5524dc2d9d6afffbf65bff1bf9a1a0428749f0ee9ea7e1962e90d9efe801161
- SSDEEP
  
  49152:OPwJWVpV90FiuOVP7z6s375OZusxqik2bJRiAJV6aSaoo:OYJSr26jL5OgqqQjYr
Score

10^/10

sectoprat discovery evasion rat themida trojan
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sectopratdiscoveryevasionratthemidatrojan

behavioral2

sectopratdiscoveryevasionratthemidatrojan

© 2018-2024

Terms | Privacy