sectoprat | 107789c37f85315b60b467dfc00d9473092959adfbfe736515b8d14ca99f67a5 | Triage

Submit
Reports

Overview

overview

Static

static

7

9b2e71d1d5...68.exe

windows7-x64

9b2e71d1d5...68.exe

windows10-2004-x64

Sharing

General

Target

107789c37f85315b60b467dfc00d9473092959adfbfe736515b8d14ca99f67a5
Size

3.0MB
Sample

241109-3jg1psvbnm
MD5

67af1747e08344eae77a38e2b6a10315
SHA1

7f13fa25bed5e28f874842f18c9948f584b8463a
SHA256

107789c37f85315b60b467dfc00d9473092959adfbfe736515b8d14ca99f67a5
SHA512

72695d08c852663c61bfa0a83b06a02b49a885c4ca026f7a7f8c34dae49d77418b60f5e8f4b31982aa1b7feec7bc6a59b8ec1bde8cfff9cdb2521b8293159d75
SSDEEP

49152:Q0LXPDkB8XjKjQxY1MoEd37l+frNnG9mQBw1yqL7KgmrQrweNrWZjVPD7k+X:QaXromjKljc7l+frNSmQBw1fLRxrvNyR

Score

10^/10

sectoprat discovery evasion rat themida trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

9b2e71d1d534f802cae86df5471e0a2093f3d2188fa3188fbbc34fa1ce920568.exe

Resource

win7-20240708-en

sectoprat discovery evasion rat themida trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

9b2e71d1d534f802cae86df5471e0a2093f3d2188fa3188fbbc34fa1ce920568.exe

Resource

win10v2004-20241007-en

sectoprat discovery evasion rat themida trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  9b2e71d1d534f802cae86df5471e0a2093f3d2188fa3188fbbc34fa1ce920568
- Size
  
  3.0MB
- MD5
  
  df26cb0b6c9228598caf0311b1d90fbb
- SHA1
  
  6b3437c2ff09e90794c8c0fde9ef16fd0531b95e
- SHA256
  
  9b2e71d1d534f802cae86df5471e0a2093f3d2188fa3188fbbc34fa1ce920568
- SHA512
  
  1d766a6648b5cbdd4047d4b27704338e159b7031953dae2bc623d530cc1ce3b96e519fc7aa9a823a80487382ce4486b9886027d819cd012ea53bcd5ff7949f91
- SSDEEP
  
  49152:FVrKfpKFsjWGcfgFzKNAdVEaPLMNeG9fyYKxyB/efz8gAnV1ye:FGj1NKN02aTtG9c8GIgAVh
Score

10^/10

sectoprat discovery evasion rat themida trojan
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Sectoprat family
  sectoprat
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sectopratdiscoveryevasionratthemidatrojan

behavioral2

sectopratdiscoveryevasionratthemidatrojan

© 2018-2025

Terms | Privacy