sectoprat | 7601e3f132964d270ae8b80b95f1f0ec5f0bade0dda5af0d8f5329d0151f4de8 | Triage

Submit
Reports

Overview

overview

Static

static

1

7601e3f132...8N.exe

windows7-x64

7601e3f132...8N.exe

windows10-2004-x64

Sharing

General

Target

7601e3f132964d270ae8b80b95f1f0ec5f0bade0dda5af0d8f5329d0151f4de8N.exe
Size

9.7MB
Sample

241130-2c5yhsxma1
MD5

50ab1ad6ff7df6775aee42cfd7d31070
SHA1

dcb2fadab68bc37634eb5fa395c911704e6287ed
SHA256

7601e3f132964d270ae8b80b95f1f0ec5f0bade0dda5af0d8f5329d0151f4de8
SHA512

b305835ddf98d00fc8958082ac328877e9f127c737739bdf32f4bd27fc9caa3a572ecfdec9428289ed8972e3ddad150a33b0d950534dd69234e3a08f4d8070fe
SSDEEP

196608:UqS/4h/rXqoSATFVtpGa8pVOWuNT+p2vIEJV4la4+55HCVwi2j/DIC:UdQ/LqSFlGO+XEJV4la1FGw/PB

Score

10^/10

sectoprat discovery rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

7601e3f132964d270ae8b80b95f1f0ec5f0bade0dda5af0d8f5329d0151f4de8N.exe

Resource

win7-20240903-en

sectoprat discovery rat trojan

windows7-x64

16 signatures

120 seconds

Behavioral task

behavioral2

Sample

7601e3f132964d270ae8b80b95f1f0ec5f0bade0dda5af0d8f5329d0151f4de8N.exe

Resource

win10v2004-20241007-en

sectoprat discovery rat trojan

windows10-2004-x64

15 signatures

120 seconds

Malware Config

Targets

- Target
  
  7601e3f132964d270ae8b80b95f1f0ec5f0bade0dda5af0d8f5329d0151f4de8N.exe
- Size
  
  9.7MB
- MD5
  
  50ab1ad6ff7df6775aee42cfd7d31070
- SHA1
  
  dcb2fadab68bc37634eb5fa395c911704e6287ed
- SHA256
  
  7601e3f132964d270ae8b80b95f1f0ec5f0bade0dda5af0d8f5329d0151f4de8
- SHA512
  
  b305835ddf98d00fc8958082ac328877e9f127c737739bdf32f4bd27fc9caa3a572ecfdec9428289ed8972e3ddad150a33b0d950534dd69234e3a08f4d8070fe
- SSDEEP
  
  196608:UqS/4h/rXqoSATFVtpGa8pVOWuNT+p2vIEJV4la4+55HCVwi2j/DIC:UdQ/LqSFlGO+XEJV4la1FGw/PB
Score

10^/10

sectoprat discovery rat trojan
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Sectoprat family
  sectoprat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sectopratdiscoveryrattrojan

behavioral2

sectopratdiscoveryrattrojan

© 2018-2025

Terms | Privacy