sectoprat | afbdaa974cdc9624fe94b5c0ca6ce01695570790a68cc9c86ea0619973f13d07 | Triage

Submit
Reports

Overview

overview

Static

static

1

afbdaa974c...07.msi

windows7-x64

afbdaa974c...07.msi

windows10-2004-x64

Sharing

General

Target

afbdaa974cdc9624fe94b5c0ca6ce01695570790a68cc9c86ea0619973f13d07.msi
Size

2.9MB
Sample

241018-l43pgatdnn
MD5

d87cc5fb2d4047d442446cc6d2d01cf9
SHA1

8d2c76bb8248b1c8171c4cc198255d5613afe6fe
SHA256

afbdaa974cdc9624fe94b5c0ca6ce01695570790a68cc9c86ea0619973f13d07
SHA512

542e85c82bb770f8e4c6415597330d541be2a21c1e95f83c9e57db5df123255be831f4beab56f7211dd1b7c3823838ce3526fa16ae81f5d9bf4767ab46217333
SSDEEP

49152:NiSoOl+YyNuCClJkqr6zeM4I/157fW8KvSu784p0mKZ+nYxgrFUhmnb+t1cVDUqb:Nt7+YJCCvkP4Id59Kvv8KGZgYyyuqtUF

Score

10^/10

sectoprat discovery persistence privilege_escalation rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

afbdaa974cdc9624fe94b5c0ca6ce01695570790a68cc9c86ea0619973f13d07.msi

Resource

win7-20241010-en

sectoprat discovery persistence privilege_escalation rat trojan

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

afbdaa974cdc9624fe94b5c0ca6ce01695570790a68cc9c86ea0619973f13d07.msi

Resource

win10v2004-20241007-en

sectoprat discovery persistence privilege_escalation rat trojan

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Targets

- Target
  
  afbdaa974cdc9624fe94b5c0ca6ce01695570790a68cc9c86ea0619973f13d07.msi
- Size
  
  2.9MB
- MD5
  
  d87cc5fb2d4047d442446cc6d2d01cf9
- SHA1
  
  8d2c76bb8248b1c8171c4cc198255d5613afe6fe
- SHA256
  
  afbdaa974cdc9624fe94b5c0ca6ce01695570790a68cc9c86ea0619973f13d07
- SHA512
  
  542e85c82bb770f8e4c6415597330d541be2a21c1e95f83c9e57db5df123255be831f4beab56f7211dd1b7c3823838ce3526fa16ae81f5d9bf4767ab46217333
- SSDEEP
  
  49152:NiSoOl+YyNuCClJkqr6zeM4I/157fW8KvSu784p0mKZ+nYxgrFUhmnb+t1cVDUqb:Nt7+YJCCvkP4Id59Kvv8KGZgYyyuqtUF
Score

10^/10

sectoprat discovery persistence privilege_escalation rat trojan
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Installer Packages

Privilege Escalation

Event Triggered Execution

Installer Packages

Defense Evasion

System Binary Proxy Execution

Msiexec

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

sectopratdiscoverypersistenceprivilege_escalationrattrojan

behavioral2

sectopratdiscoverypersistenceprivilege_escalationrattrojan

© 2018-2025

Terms | Privacy