sectoprat | 44997a5aa2709c2cef26ea501d4f01140d34b59f0fd182282354598eef4b224b | Triage

Submit
Reports

Overview

overview

Static

static

3

44997a5aa2...4b.exe

windows7-x64

44997a5aa2...4b.exe

windows10-2004-x64

Sharing

General

Target

44997a5aa2709c2cef26ea501d4f01140d34b59f0fd182282354598eef4b224b.exe
Size

6.5MB
Sample

241123-cs8xns1qep
MD5

bfc5ea31b4aeefec1508e8f5b458e574
SHA1

976fe53a467068719f70a856dca3bb7b65a9d6dc
SHA256

44997a5aa2709c2cef26ea501d4f01140d34b59f0fd182282354598eef4b224b
SHA512

146ef0163df8be2c8e5a834c27d731c817e0540a30d4e4746109fd564c33d2d7f00560017f0d5b9ade9eea05611ed440f64022f97e30949e5bb58041452f590e
SSDEEP

98304:vi0rHj8I5IxALsFFyTFaYTXMHyAw8aMAKa392mAYYqUSoYTk0KGjp2kizn:vi0rDyraTFNKyLUAKw2B7qUShTkQjDir

Score

10^/10

sectoprat discovery rat spyware trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

44997a5aa2709c2cef26ea501d4f01140d34b59f0fd182282354598eef4b224b.exe

Resource

win7-20240903-en

sectoprat discovery rat spyware trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

44997a5aa2709c2cef26ea501d4f01140d34b59f0fd182282354598eef4b224b.exe

Resource

win10v2004-20241007-en

sectoprat discovery rat spyware trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  44997a5aa2709c2cef26ea501d4f01140d34b59f0fd182282354598eef4b224b.exe
- Size
  
  6.5MB
- MD5
  
  bfc5ea31b4aeefec1508e8f5b458e574
- SHA1
  
  976fe53a467068719f70a856dca3bb7b65a9d6dc
- SHA256
  
  44997a5aa2709c2cef26ea501d4f01140d34b59f0fd182282354598eef4b224b
- SHA512
  
  146ef0163df8be2c8e5a834c27d731c817e0540a30d4e4746109fd564c33d2d7f00560017f0d5b9ade9eea05611ed440f64022f97e30949e5bb58041452f590e
- SSDEEP
  
  98304:vi0rHj8I5IxALsFFyTFaYTXMHyAw8aMAKa392mAYYqUSoYTk0KGjp2kizn:vi0rDyraTFNKyLUAKw2B7qUShTkQjDir
Score

10^/10

sectoprat discovery rat spyware trojan
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Sectoprat family
  sectoprat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sectopratdiscoveryratspywaretrojan

behavioral2

sectopratdiscoveryratspywaretrojan

© 2018-2024

Terms | Privacy