General

  • Target

    data

  • Size

    81.2MB

  • Sample

    241128-s4cllsxmhq

  • MD5

    7a71caee51f0980b56420e3a49d2778e

  • SHA1

    4827b90daf016b1bb2a07edcc65bad5639d2df69

  • SHA256

    7058adbf8289fc200e94acbca32c23cb0dce33bd3bd29c10e0a900a109828342

  • SHA512

    9bc6f0fc1d5f3ec1d9fd29723b8fed72671b82fa20387b345d4d14b6c1032aca2fb7353730764c2ac5fe7b3e6dfcf4ebc0e9dbc4c9ed98c1a869b60ed3d41ed3

  • SSDEEP

    1572864:Db2bBvAXX++3yEbvFtg8qsRfbMi63N4XZX6jSHREle440fzKM4qt:DUAX7xTkEdO3NkkCREk44qKS

Targets

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Sectoprat family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

    • Suspicious use of SetThreadContext