sectoprat | 16106327e0f82e5dc072bdee4d24a64885dc4d9afa6436683f271bb1bc1898a4 | Triage

Sharing

General

Target

16106327e0f82e5dc072bdee4d24a64885dc4d9afa6436683f271bb1bc1898a4.exe
Size

768KB
Sample

241213-cky3havndz
MD5

89f9361fb6c36052f0beb996819a178d
SHA1

181435f954930852c3b2e74da0144cfcd009a4de
SHA256

16106327e0f82e5dc072bdee4d24a64885dc4d9afa6436683f271bb1bc1898a4
SHA512

f09519a6b3e1f182bddf4fb24d320014edf01ab7fcefd2a49768f42e3313f590df64f9c402506877477a0b1bf5976560e4aaf51a0d76e09e5c728793220fa184
SSDEEP

12288:ovsXZv8km0OHcbGbvzWHz0HnquwQU+S0ssFWylkkoAbtEhTwfNqbYS2VbICKMIUr:rfPz0HbdS0ssFlSjtMR

Score

10^/10

sectoprat discovery rat spyware stealer trojan

Malware Config

Targets

- Target
  
  16106327e0f82e5dc072bdee4d24a64885dc4d9afa6436683f271bb1bc1898a4.exe
- Size
  
  768KB
- MD5
  
  89f9361fb6c36052f0beb996819a178d
- SHA1
  
  181435f954930852c3b2e74da0144cfcd009a4de
- SHA256
  
  16106327e0f82e5dc072bdee4d24a64885dc4d9afa6436683f271bb1bc1898a4
- SHA512
  
  f09519a6b3e1f182bddf4fb24d320014edf01ab7fcefd2a49768f42e3313f590df64f9c402506877477a0b1bf5976560e4aaf51a0d76e09e5c728793220fa184
- SSDEEP
  
  12288:ovsXZv8km0OHcbGbvzWHz0HnquwQU+S0ssFWylkkoAbtEhTwfNqbYS2VbICKMIUr:rfPz0HbdS0ssFlSjtMR
Score

10^/10

sectoprat discovery rat spyware stealer trojan
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Sectoprat family
  sectoprat
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sectopratdiscoveryratspywarestealertrojan

behavioral2

sectopratdiscoveryratspywarestealertrojan