Overview

overview

10

Static

static

3

38ec7beccf...4N.exe

windows7-x64

10

38ec7beccf...4N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    38ec7beccfdd4eb6a127ca301a76ef794b2d24a74bae33ed0754674e0d57af74N.exe

  • Size

    3.5MB

  • Sample

    250104-f8fgvavkcw

  • MD5

    e64e703a5808f2617ae4c1ce2c268f40

  • SHA1

    94ba10bb9dbf56bbce2d1ae52685c687ec394b36

  • SHA256

    38ec7beccfdd4eb6a127ca301a76ef794b2d24a74bae33ed0754674e0d57af74

  • SHA512

    50c655b85bef78d1c38819231b9500224edaf0edd9c837d130b284866a0715a9d1709aaf17981235c7250d9ed7926c7c9b629c8d907baf36215a5c25a870648b

  • SSDEEP

    98304:SwRElZ33Li0XUU3FMi9+Q4m1PQKqT1p1zl:ufnGcUU0xm1Psxzl

Score
10/10
sectopratdiscoverypersistencerattrojan

Malware Config

Targets

    • Target

      38ec7beccfdd4eb6a127ca301a76ef794b2d24a74bae33ed0754674e0d57af74N.exe

    • Size

      3.5MB

    • MD5

      e64e703a5808f2617ae4c1ce2c268f40

    • SHA1

      94ba10bb9dbf56bbce2d1ae52685c687ec394b36

    • SHA256

      38ec7beccfdd4eb6a127ca301a76ef794b2d24a74bae33ed0754674e0d57af74

    • SHA512

      50c655b85bef78d1c38819231b9500224edaf0edd9c837d130b284866a0715a9d1709aaf17981235c7250d9ed7926c7c9b629c8d907baf36215a5c25a870648b

    • SSDEEP

      98304:SwRElZ33Li0XUU3FMi9+Q4m1PQKqT1p1zl:ufnGcUU0xm1Psxzl

    Score
    10/10
    sectopratdiscoverypersistencerattrojan

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

      trojanratsectoprat

    • SectopRAT payload

    • Sectoprat family

      sectoprat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    • Enumerates processes with tasklist

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks