Overview

overview

10

Static

static

1

405f4f4f44...dN.exe

windows7-x64

10

405f4f4f44...dN.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    405f4f4f442eb50faed3d85bdeacca808298734a0ae227ed0031b1f93d2d5e8dN.exe

  • Size

    9.7MB

  • Sample

    241125-h3711svpc1

  • MD5

    efee7c6f977480da8045c65578fc5da0

  • SHA1

    60d2b7e4860343637e9765577761eb1d341a5238

  • SHA256

    405f4f4f442eb50faed3d85bdeacca808298734a0ae227ed0031b1f93d2d5e8d

  • SHA512

    3e1c82db7b49005af4e0763c5d0d6dadb25da672eabf626057f77dbd6e0cd5a7a90ec63f58a77d599cd197815ecca2fa2a439d83246c3f80e44e942d6538755c

  • SSDEEP

    196608:UqS/4h/rXqoSATFVtpGa8pVOWuNT+p2vIEJV4la4+55HCVwi2j/DI:UdQ/LqSFlGO+XEJV4la1FGw/P

Score
10/10
sectopratdiscoveryrattrojan

Malware Config

Targets

    • Target

      405f4f4f442eb50faed3d85bdeacca808298734a0ae227ed0031b1f93d2d5e8dN.exe

    • Size

      9.7MB

    • MD5

      efee7c6f977480da8045c65578fc5da0

    • SHA1

      60d2b7e4860343637e9765577761eb1d341a5238

    • SHA256

      405f4f4f442eb50faed3d85bdeacca808298734a0ae227ed0031b1f93d2d5e8d

    • SHA512

      3e1c82db7b49005af4e0763c5d0d6dadb25da672eabf626057f77dbd6e0cd5a7a90ec63f58a77d599cd197815ecca2fa2a439d83246c3f80e44e942d6538755c

    • SSDEEP

      196608:UqS/4h/rXqoSATFVtpGa8pVOWuNT+p2vIEJV4la4+55HCVwi2j/DI:UdQ/LqSFlGO+XEJV4la1FGw/P

    Score
    10/10
    sectopratdiscoveryrattrojan

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

      trojanratsectoprat

    • SectopRAT payload

    • Sectoprat family

      sectoprat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks