sectoprat | c284f408cd1562cb4ec2bec58c5aac5e05acd31a6aa5cc37804aa477821d5bbf | Triage

Submit
Reports

Overview

overview

Static

static

1

Advanced_I....0.exe

windows7-x64

7

Advanced_I....0.exe

windows10-2004-x64

Sharing

General

Target

c284f408cd1562cb4ec2bec58c5aac5e05acd31a6aa5cc37804aa477821d5bbf.zip
Size

23.3MB
Sample

241129-ekh3dszlhm
MD5

61c18a45832e1b06b6b25abd9b7ab9eb
SHA1

895b8f8d4b4317015ef386256946178d374b7b2e
SHA256

c284f408cd1562cb4ec2bec58c5aac5e05acd31a6aa5cc37804aa477821d5bbf
SHA512

1597c3364869fcc7fbeb9d3d8d3e1b430c33125dcf7e51c73494ee5c186c16cacf4796b3d69f1d3b892e0ebd3af6b4544de036a8d628887abc813de8206605d8
SSDEEP

393216:UCYfWGDfBpQLj4eNWwdbyLoRX8ZapFQUdJ1ccCSbIrAaRyOs5s9X:gfWG1pQn7NXdbyeXsapFh1ccC7dyOIsN

Score

10^/10

sectoprat discovery execution rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

Advanced_IP_Scanner_3.2.2048.0.exe

Resource

win7-20241010-en

discovery execution

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

Advanced_IP_Scanner_3.2.2048.0.exe

Resource

win10v2004-20241007-en

sectoprat discovery execution rat trojan

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  Advanced_IP_Scanner_3.2.2048.0.exe
- Size
  
  23.8MB
- MD5
  
  ecc581297b2c637c187c5b8f2455d0a9
- SHA1
  
  3f07a6c4f13e193631f21db3950aa9393a5824b1
- SHA256
  
  5cbe2ec3c59b2cffd0ff87d7931f3f406985cbeb5648f9afcd36475552e96cc1
- SHA512
  
  a2271103092085798d4cdc47aec4c6cf685cfd5a4c6ea5d6116c2053649dd4f6c3c9e2c555485c708a0a2aed78b610009e1a0aa0413d1d4b491bfb5abd21da68
- SSDEEP
  
  393216:d8jU2t/X9E3JMUNccjPql0NbgVunl22V5v+6m8FavWoB+Ysjuvk:CjU2p9EZvNdjP6Kbaunldv+6mLZ+YAuc
Score

10^/10

discovery execution sectoprat rat trojan
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Sectoprat family
  sectoprat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

sectopratdiscoveryexecutionrattrojan

© 2018-2025

Terms | Privacy