Overview

overview

10

Static

static

3

msn.exe

windows7-x64

10

msn.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    urituaiskdjfg.zip

  • Size

    4.7MB

  • Sample

    241020-3tsj7axdqh

  • MD5

    2b304594003a38de9d5bbdafcd5428bd

  • SHA1

    8d65aa7dd39c6d180f4211d9633bc8d0f42ece0f

  • SHA256

    dc083a97abcc87f3d153b21cf4b0ff19ca7cadc3f698b9ecfd1402b93884ac58

  • SHA512

    f8f2ded019926010b264daa2887b591a7118c9c059e631c565d131bc3ea3727374f989c9bda92cab2427666193f796de6417a1a90333acd48db11009758be6dc

  • SSDEEP

    98304:s+nGYn91nvNR+RRXt9wfqoBlDYLY+vn+yDmRTuoV86py12BE:yYnTT8RnwyegtDmdpVFI2C

Score
10/10
sectopratdiscoveryratspywaretrojan

Malware Config

Targets

    • Target

      msn.exe

    • Size

      5.5MB

    • MD5

      537915708fe4e81e18e99d5104b353ed

    • SHA1

      128ddb7096e5b748c72dc13f55b593d8d20aa3fb

    • SHA256

      6dc7275f2143d1de0ca66c487b0f2ebff3d4c6a79684f03b9619bf23143ecf74

    • SHA512

      9ceaaf7aa5889be9f5606646403133782d004b9d78ef83d7007dfce67c0f4f688d7931aebc74f1fc30aac2f1dd6281bdadfb52bc3ea46aca33b334adb4067ae2

    • SSDEEP

      49152:ERUl697ngPTrho9J8kgdjbHNZ5PP/Re5m3mxVN6KEp0v7J7k66ZRkQTXw+sljVop:uAXqnhON8m3mzNHTdw6YSX+sleu5y

    Score
    10/10
    sectopratdiscoveryratspywaretrojan

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

      trojanratsectoprat

    • SectopRAT payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks