sectoprat | 2b1510cc90b56f53d3098f64477e3e6b34ecf9a90831df2db23d9d418b735a91 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

7

d3c967ebe0...f3.exe

windows7-x64

d3c967ebe0...f3.exe

windows10-2004-x64

Sharing

General

Target

47c9d4bbb10a138cb8d126735b976f22.zip
Size

2.3MB
Sample

240901-gde39sshkm
MD5

114e4113752665be0c8dd5ff07c00a65
SHA1

48f6b7fc8a1453659fc95e4a9b201e551118f04e
SHA256

2b1510cc90b56f53d3098f64477e3e6b34ecf9a90831df2db23d9d418b735a91
SHA512

4a13c1e90715d19beaf486cc6f1dfb46b1afb49f622dc1c106c9553f4c2a360bc0e6a81197aaf353187afcfd2d1a20acc56fe3ceca17d0f5a52a494403017d24
SSDEEP

49152:GgrS87z29/Sfj/rbXgOVZGl7Zra4YD7+GKQOxWBy3hFsFOMPmk58Ovf5L:I87z+qfDrbQOVZmZe1D7+7BrFsFDPH3N

Score

10^/10

sectoprat discovery evasion rat themida trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

d3c967ebe05bcd11c84a933670ecdc748a621ab5b3892c45c883c0d55ba556f3.exe

Resource

win7-20240708-en

sectoprat discovery evasion rat themida trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

d3c967ebe05bcd11c84a933670ecdc748a621ab5b3892c45c883c0d55ba556f3.exe

Resource

win10v2004-20240802-en

sectoprat discovery evasion rat themida trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  d3c967ebe05bcd11c84a933670ecdc748a621ab5b3892c45c883c0d55ba556f3
- Size
  
  2.3MB
- MD5
  
  47c9d4bbb10a138cb8d126735b976f22
- SHA1
  
  0ce89089004bb315f0f6934311d4a98678042e84
- SHA256
  
  d3c967ebe05bcd11c84a933670ecdc748a621ab5b3892c45c883c0d55ba556f3
- SHA512
  
  aef2f3af76887ebf736b21d43032e0edb59aaa40be608142abee9c165f2fb1ad47c66b8477f064293bd13080231a2309079a590d194fbac79a27994fff94b851
- SSDEEP
  
  49152:8XJROhQi7Sn42IvWHSSwmBI7uAtN1po9xvCLJk03FczZ:850dW42ITWK7z/1C9L03F8
Score

10^/10

sectoprat discovery evasion rat themida trojan
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sectopratdiscoveryevasionratthemidatrojan

behavioral2

sectopratdiscoveryevasionratthemidatrojan

© 2018-2025

Terms | Privacy