sectoprat | a35bb31351cf385fe52b27c02642f2f99aed0d8fd472b4df12bf508faf3426d3 | Triage

Submit
Reports

Overview

overview

Static

static

7

d59c7cc6f1...18.exe

windows7-x64

d59c7cc6f1...18.exe

windows10-2004-x64

Sharing

General

Target

d59c7cc6f109cb59fa55309f4f829692_JaffaCakes118
Size

3.0MB
Sample

241208-gvyxpsvrdv
MD5

d59c7cc6f109cb59fa55309f4f829692
SHA1

18c2361058540fdf9684ba07cef04085d90dbaa2
SHA256

a35bb31351cf385fe52b27c02642f2f99aed0d8fd472b4df12bf508faf3426d3
SHA512

532d135a1009a4a4985cbf15ad1cd1fe35a2ea5bb1a8ce15da5c2f5f6d7cb9b07491715b24539ad36702c664fb71e98a4f3aca1753691de5a02d73caa87bbc00
SSDEEP

49152:KDaBkTKFi1vosNsqTGmCOicY/TCJyMRrCUXVgGdCMKxdaFVOJjg5BRifqGkuPSXv:GaBEvo1qTga4AJTldCZmcUTRwkv1rlxB

Score

10^/10

sectoprat discovery evasion rat themida trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d59c7cc6f109cb59fa55309f4f829692_JaffaCakes118.exe

Resource

win7-20240903-en

sectoprat discovery evasion rat themida trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

d59c7cc6f109cb59fa55309f4f829692_JaffaCakes118.exe

Resource

win10v2004-20241007-en

sectoprat discovery evasion rat themida trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  d59c7cc6f109cb59fa55309f4f829692_JaffaCakes118
- Size
  
  3.0MB
- MD5
  
  d59c7cc6f109cb59fa55309f4f829692
- SHA1
  
  18c2361058540fdf9684ba07cef04085d90dbaa2
- SHA256
  
  a35bb31351cf385fe52b27c02642f2f99aed0d8fd472b4df12bf508faf3426d3
- SHA512
  
  532d135a1009a4a4985cbf15ad1cd1fe35a2ea5bb1a8ce15da5c2f5f6d7cb9b07491715b24539ad36702c664fb71e98a4f3aca1753691de5a02d73caa87bbc00
- SSDEEP
  
  49152:KDaBkTKFi1vosNsqTGmCOicY/TCJyMRrCUXVgGdCMKxdaFVOJjg5BRifqGkuPSXv:GaBEvo1qTga4AJTldCZmcUTRwkv1rlxB
Score

10^/10

sectoprat discovery evasion rat themida trojan
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Sectoprat family
  sectoprat
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sectopratdiscoveryevasionratthemidatrojan

behavioral2

sectopratdiscoveryevasionratthemidatrojan

© 2018-2025

Terms | Privacy