sectoprat | d864a359e3a19182e72109fe75408d21b10215938e8be4098c4dbbc8ce0b7c7c | Triage

Submit
Reports

Overview

overview

Static

static

1

d864a359e3...7c.exe

windows7-x64

7

d864a359e3...7c.exe

windows10-2004-x64

Sharing

General

Target

d864a359e3a19182e72109fe75408d21b10215938e8be4098c4dbbc8ce0b7c7c.exe
Size

83.6MB
Sample

241130-cewp7a1mcr
MD5

a91b4875630c4f702ab63f94ed633da4
SHA1

d485e90a501aa11f89f684063e5fbe235937f0bf
SHA256

d864a359e3a19182e72109fe75408d21b10215938e8be4098c4dbbc8ce0b7c7c
SHA512

43e4a19efcb814ae3b418177679fb52d257fd9046b6ac4baaea2fdfecb8627bc80ecdfc8288139d669e639c748f63c043d5b6997147b580d64bab3518524b460
SSDEEP

1572864:ZyM8TruaFhFBQ4aidylq1RFVKl8J/1BbAYqnmy2QPz2Pt0BQGRClJygc:ZyMAeiTFny2ezE0QGiJygc

Score

10^/10

sectoprat discovery execution rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

d864a359e3a19182e72109fe75408d21b10215938e8be4098c4dbbc8ce0b7c7c.exe

Resource

win7-20240903-en

discovery execution

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

d864a359e3a19182e72109fe75408d21b10215938e8be4098c4dbbc8ce0b7c7c.exe

Resource

win10v2004-20241007-en

sectoprat discovery execution rat trojan

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  d864a359e3a19182e72109fe75408d21b10215938e8be4098c4dbbc8ce0b7c7c.exe
- Size
  
  83.6MB
- MD5
  
  a91b4875630c4f702ab63f94ed633da4
- SHA1
  
  d485e90a501aa11f89f684063e5fbe235937f0bf
- SHA256
  
  d864a359e3a19182e72109fe75408d21b10215938e8be4098c4dbbc8ce0b7c7c
- SHA512
  
  43e4a19efcb814ae3b418177679fb52d257fd9046b6ac4baaea2fdfecb8627bc80ecdfc8288139d669e639c748f63c043d5b6997147b580d64bab3518524b460
- SSDEEP
  
  1572864:ZyM8TruaFhFBQ4aidylq1RFVKl8J/1BbAYqnmy2QPz2Pt0BQGRClJygc:ZyMAeiTFny2ezE0QGiJygc
Score

10^/10

discovery execution sectoprat rat trojan
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Sectoprat family
  sectoprat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

sectopratdiscoveryexecutionrattrojan

© 2018-2025

Terms | Privacy