Overview

overview

10

Static

static

1

SFHgtxFGtB.ps1

windows7-x64

3

SFHgtxFGtB.ps1

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SFHgtxFGtB.ps1

  • Size

    35KB

  • Sample

    241218-a95v8swrhj

  • MD5

    6a34a3dbed524eed6d73c72188418d80

  • SHA1

    6a6ee1aa6ad9d9fbd7b7112df3a5c92b83c18667

  • SHA256

    45ab4ca2483759d89bc446e6797e86489eb08cfeb3f740440a83ff6d83eb5503

  • SHA512

    6fd7dc31836db3062aea0ab2bf0c7b0c45ee188fa9f2a872de968db2635aefc404d057444ec15ffea66585f6aa8e18acf2088e9523ac9138680ef6061465db30

  • SSDEEP

    96:YdgXCdz1ArDw1DQXZB08+uFk0WK49Ms00IYY+blwIAAwIYmEYsR0KkMEIIAAYwwP:EZu

Score
10/10
sectopratdiscoveryexecutionpersistencerattrojan

Malware Config

Targets

    • Target

      SFHgtxFGtB.ps1

    • Size

      35KB

    • MD5

      6a34a3dbed524eed6d73c72188418d80

    • SHA1

      6a6ee1aa6ad9d9fbd7b7112df3a5c92b83c18667

    • SHA256

      45ab4ca2483759d89bc446e6797e86489eb08cfeb3f740440a83ff6d83eb5503

    • SHA512

      6fd7dc31836db3062aea0ab2bf0c7b0c45ee188fa9f2a872de968db2635aefc404d057444ec15ffea66585f6aa8e18acf2088e9523ac9138680ef6061465db30

    • SSDEEP

      96:YdgXCdz1ArDw1DQXZB08+uFk0WK49Ms00IYY+blwIAAwIYmEYsR0KkMEIIAAYwwP:EZu

    Score
    10/10
    executionsectopratdiscoverypersistencerattrojan

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

      trojanratsectoprat

    • SectopRAT payload

    • Sectoprat family

      sectoprat

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks