sectoprat | 574fde2396a55cda67addf09ae80dc421042546c1e48b42740f0e11bf298adf9 | Triage

Submit
Reports

Overview

overview

Static

static

7

Discord Nitro Gen.exe

windows7-x64

Discord Nitro Gen.exe

windows10-2004-x64

Sharing

General

Target

574fde2396a55cda67addf09ae80dc421042546c1e48b42740f0e11bf298adf9
Size

3.3MB
Sample

241109-v1d2daxqav
MD5

907a29c80673afe62260166bbcf6fbfd
SHA1

f673286dfb46519686ae908a4753a91a107e561b
SHA256

574fde2396a55cda67addf09ae80dc421042546c1e48b42740f0e11bf298adf9
SHA512

817d51da5f5d8d01afbfb3e114dcf8c6eae07e6e25eaef54f92070a8dba1e643e6f8b01cc7fc86d07cd08cc1476177ee4e0c14705831cebc5fa9c91d46ab333b
SSDEEP

98304:Q9do0AuwSg8UkzHJ7Bfqyv2M5tKMAYvE+nJ+zxFKp:QQuDgtGJ75L2IIKpqMp

Score

10^/10

sectoprat discovery evasion rat themida trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Discord Nitro Gen.exe

Resource

win7-20240903-en

sectoprat discovery evasion rat themida trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

Discord Nitro Gen.exe

Resource

win10v2004-20241007-en

sectoprat discovery evasion rat themida trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  Discord Nitro Gen.exe
- Size
  
  3.3MB
- MD5
  
  dece34e2cb587b92e109725abea75a1e
- SHA1
  
  7ffa25a8270d64356093d616a4d99c1cffb1d129
- SHA256
  
  4ed77c24e030986659b728dd04cc5d6a4832a58bebbdf1f0d1e5014beadf6050
- SHA512
  
  04bf47b2ceef750e7017f2115571c5a389496220b93180b3745d84b00555dfaa304a1d8e7b74d8ecbb1cdb3eab9a94a2ded26bae9cc4b00d7117ad35938cc64c
- SSDEEP
  
  98304:0HJAlJnPhYdC/WvJAh4zs7dOwb4hJAyyagPI:yJiJmdCexAezs7dmh7dZ
Score

10^/10

sectoprat discovery evasion rat themida trojan
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Sectoprat family
  sectoprat
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sectopratdiscoveryevasionratthemidatrojan

behavioral2

sectopratdiscoveryevasionratthemidatrojan

© 2018-2025

Terms | Privacy