sectoprat | 8ae2402f1925ee78bdf48ce3cf3e7eebecaaf26c4a45ccc105d6beb735657f31 | Triage

Submit
Reports

Overview

overview

Static

static

3

2223A0C17B...E9.exe

windows7-x64

2223A0C17B...E9.exe

windows10-2004-x64

Sharing

General

Target

2223A0C17BC8EC63CD6D3647995978E9.exe
Size

1.6MB
Sample

241026-vef9lstpgm
MD5

2223a0c17bc8ec63cd6d3647995978e9
SHA1

c58e7e26863a557c820515a0eaa5fd5c9d56d0dc
SHA256

8ae2402f1925ee78bdf48ce3cf3e7eebecaaf26c4a45ccc105d6beb735657f31
SHA512

9028d4ff22e59be9d16e3ebd4b3e3a9c1a22a4d272a7840aae55fb3614b3e008409684e9d229ac979244db0212e768255c0e7202f6f0e6fbf49ec92d2a31ea1a
SSDEEP

49152:4IGLOBaxpDPkpx+8dV7YrrofrpR44cGwNPz6CL:JGLOBa3DspZokf1e49wNn

Score

10^/10

sectoprat discovery rat spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2223A0C17BC8EC63CD6D3647995978E9.exe

Resource

win7-20240903-en

sectoprat discovery rat spyware stealer trojan

windows7-x64

20 signatures

150 seconds

Behavioral task

behavioral2

Sample

2223A0C17BC8EC63CD6D3647995978E9.exe

Resource

win10v2004-20241007-en

sectoprat discovery rat spyware stealer trojan

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  2223A0C17BC8EC63CD6D3647995978E9.exe
- Size
  
  1.6MB
- MD5
  
  2223a0c17bc8ec63cd6d3647995978e9
- SHA1
  
  c58e7e26863a557c820515a0eaa5fd5c9d56d0dc
- SHA256
  
  8ae2402f1925ee78bdf48ce3cf3e7eebecaaf26c4a45ccc105d6beb735657f31
- SHA512
  
  9028d4ff22e59be9d16e3ebd4b3e3a9c1a22a4d272a7840aae55fb3614b3e008409684e9d229ac979244db0212e768255c0e7202f6f0e6fbf49ec92d2a31ea1a
- SSDEEP
  
  49152:4IGLOBaxpDPkpx+8dV7YrrofrpR44cGwNPz6CL:JGLOBa3DspZokf1e49wNn
Score

10^/10

sectoprat discovery rat spyware stealer trojan
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Sectoprat family
  sectoprat
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sectopratdiscoveryratspywarestealertrojan

behavioral2

sectopratdiscoveryratspywarestealertrojan

© 2018-2025

Terms | Privacy