sectoprat | 974d7d6c142b2febd7cff47ba9b6ad8bf6b396b9ee6fc0d7d6f8b94ead8b3ffd

General

Target

974d7d6c142b2febd7cff47ba9b6ad8bf6b396b9ee6fc0d7d6f8b94ead8b3ffd
Size

44KB
MD5

9f11f77e84a40d8c803ab8d82e5e500a
SHA1

4e38aafb2d80b8cfd46debf4b16e77186998a983
SHA256

974d7d6c142b2febd7cff47ba9b6ad8bf6b396b9ee6fc0d7d6f8b94ead8b3ffd
SHA512

d7ee48ccbac7c2c2f3135047745f8db69436715c2c3cf933fa33226a2b1cd5782ed5f9d956857002a6966dabef6a7ec32af3f855c56ade3268d23602fd7aed36
SSDEEP

768:fpWd40Pq9Wt3uaoXEPuWQ7aorhvAXfIs4keRbMdvSDTCi70GlxjyNE0jBscDd:hWdw9CvoUmhaotoXgsKbBb70uZiP9N5

Score

10^/10

Family

redline

Botnet

BL

C2

193.233.49.109:22285

SectopRAT payload 1 IoCs

resource	yara_rule
static1/unpack001/d7f94c05f6d679ea0df97e773ee754166ecee640bd2b93e2b533bab9568cae84.exe	family_sectoprat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/d7f94c05f6d679ea0df97e773ee754166ecee640bd2b93e2b533bab9568cae84.exe

974d7d6c142b2febd7cff47ba9b6ad8bf6b396b9ee6fc0d7d6f8b94ead8b3ffd
.zip

Password: infected
d7f94c05f6d679ea0df97e773ee754166ecee640bd2b93e2b533bab9568cae84.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ