sectoprat | 8ae2402f1925ee78bdf48ce3cf3e7eebecaaf26c4a45ccc105d6beb735657f31 | Triage

Submit
Reports

Overview

overview

Static

static

3

8ae2402f19...31.exe

windows7-x64

8ae2402f19...31.exe

windows10-2004-x64

Sharing

General

Target

8ae2402f1925ee78bdf48ce3cf3e7eebecaaf26c4a45ccc105d6beb735657f31.exe
Size

1.6MB
Sample

241027-c4b23s1jfz
MD5

2223a0c17bc8ec63cd6d3647995978e9
SHA1

c58e7e26863a557c820515a0eaa5fd5c9d56d0dc
SHA256

8ae2402f1925ee78bdf48ce3cf3e7eebecaaf26c4a45ccc105d6beb735657f31
SHA512

9028d4ff22e59be9d16e3ebd4b3e3a9c1a22a4d272a7840aae55fb3614b3e008409684e9d229ac979244db0212e768255c0e7202f6f0e6fbf49ec92d2a31ea1a
SSDEEP

49152:4IGLOBaxpDPkpx+8dV7YrrofrpR44cGwNPz6CL:JGLOBa3DspZokf1e49wNn

Score

10^/10

sectoprat discovery rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

8ae2402f1925ee78bdf48ce3cf3e7eebecaaf26c4a45ccc105d6beb735657f31.exe

Resource

win7-20241010-en

sectoprat discovery rat trojan

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

8ae2402f1925ee78bdf48ce3cf3e7eebecaaf26c4a45ccc105d6beb735657f31.exe

Resource

win10v2004-20241007-en

sectoprat discovery rat trojan

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  8ae2402f1925ee78bdf48ce3cf3e7eebecaaf26c4a45ccc105d6beb735657f31.exe
- Size
  
  1.6MB
- MD5
  
  2223a0c17bc8ec63cd6d3647995978e9
- SHA1
  
  c58e7e26863a557c820515a0eaa5fd5c9d56d0dc
- SHA256
  
  8ae2402f1925ee78bdf48ce3cf3e7eebecaaf26c4a45ccc105d6beb735657f31
- SHA512
  
  9028d4ff22e59be9d16e3ebd4b3e3a9c1a22a4d272a7840aae55fb3614b3e008409684e9d229ac979244db0212e768255c0e7202f6f0e6fbf49ec92d2a31ea1a
- SSDEEP
  
  49152:4IGLOBaxpDPkpx+8dV7YrrofrpR44cGwNPz6CL:JGLOBa3DspZokf1e49wNn
Score

10^/10

sectoprat discovery rat trojan
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Sectoprat family
  sectoprat
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

sectopratdiscoveryrattrojan

behavioral2

sectopratdiscoveryrattrojan

© 2018-2025

Terms | Privacy