sectoprat | fe40afb158e24c1896776fe3bdef33d2bb85ae67cf7b115f309d2535fc2a6afd | Triage

Sharing

General

Target

rebuilderUI.exe
Size

23.5MB
Sample

241125-nw6r9svnav
MD5

a40675ca8d440353611fd6ba578fec1a
SHA1

ede5d2c3bc31f35ce9161bbf40518abb3dd91d51
SHA256

fe40afb158e24c1896776fe3bdef33d2bb85ae67cf7b115f309d2535fc2a6afd
SHA512

2a874d280966ab80ff864db89abf42f7d1fc5a7caefe3a66eb747f36c8155724d72fd0e4a289313950492cd16c62104d37831462b6b8fcd35621961285c3667f
SSDEEP

393216:KnV+F7Z799sXdJdcKq5wCvSmFR1szWjpE2y7PMo+LXY8s:KnUr77sXBq9b1szWd1y7koV8s

Score

10^/10

sectoprat discovery rat spyware trojan

Malware Config

Targets

- Target
  
  rebuilderUI.exe
- Size
  
  23.5MB
- MD5
  
  a40675ca8d440353611fd6ba578fec1a
- SHA1
  
  ede5d2c3bc31f35ce9161bbf40518abb3dd91d51
- SHA256
  
  fe40afb158e24c1896776fe3bdef33d2bb85ae67cf7b115f309d2535fc2a6afd
- SHA512
  
  2a874d280966ab80ff864db89abf42f7d1fc5a7caefe3a66eb747f36c8155724d72fd0e4a289313950492cd16c62104d37831462b6b8fcd35621961285c3667f
- SSDEEP
  
  393216:KnV+F7Z799sXdJdcKq5wCvSmFR1szWjpE2y7PMo+LXY8s:KnUr77sXBq9b1szWd1y7koV8s
Score

10^/10

sectoprat discovery rat spyware trojan
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Sectoprat family
  sectoprat
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sectopratdiscoveryratspywaretrojan

behavioral2

sectopratdiscoveryratspywaretrojan