sectoprat | a42611665806c5056faf4d5cfeadf98878d8132243b2097ef13ba7fcfab22c0b | Triage

Sharing

General

Target

a42611665806c5056faf4d5cfeadf98878d8132243b2097ef13ba7fcfab22c0b.zip
Size

4.1MB
Sample

241128-vjh9rstmfz
MD5

e2066ae0be02db87ec6267234b0ea65a
SHA1

24e0b6e9fc90f9b673f1d7fe17d920bd857c776f
SHA256

a42611665806c5056faf4d5cfeadf98878d8132243b2097ef13ba7fcfab22c0b
SHA512

78ab67e046d3cd93ea18cbc6e0399232458eb71e3879dfaab7163f6a230cca2ada609af6bcc92685e1bf2c9b7ebf2b66af4ce68c581678421b6b635e2d7572b9
SSDEEP

98304:ZVVtbM83oo5aIvS5UO6eoVRi9nrVbfdGPc3xz+l:fVtbMKogaIvS5lX/GMo

Score

10^/10

sectoprat discovery rat spyware trojan

Malware Config

Targets

- Target
  
  dobi.exe
- Size
  
  9.6MB
- MD5
  
  a439025e40533f6e78c74fe8e9ce9875
- SHA1
  
  6ae40c35d089fd05b521affda29c205effdf9928
- SHA256
  
  a15ddd90e6ad35fc8896d7d613d0d178bdc29a9353128e6b5b4e177abcb8195f
- SHA512
  
  a2e22c32a1b6c50cfef234a7fe9581df516d3b7129645d64ffb16652a4dc757294aa5ccdae2a3c1a530c71251abeeb73356ca4f6b33b73fdd7cac2161a16d84b
- SSDEEP
  
  98304:RkLpZuLG6phE8B5ICZu0yYfq3TTLJB7foR:6Lp4GeENIKYR
Score

10^/10

sectoprat discovery rat trojan spyware
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Sectoprat family
  sectoprat
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sectopratdiscoveryrattrojan

behavioral2

sectopratdiscoveryratspywaretrojan