Overview

overview

10

Static

static

3

2bd0a19e07...d6.exe

windows7-x64

10

2bd0a19e07...d6.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2bd0a19e0727d2c719d2720e14922a93e73a0b9a1cc0ca294af4a4a49c2555d6.exe

  • Size

    4.1MB

  • Sample

    250120-cmd54swmbs

  • MD5

    ae6fc990a0ac98c194956956411c571d

  • SHA1

    bbf60876c477672a96ecd3b1a9e7f6887fd24ce5

  • SHA256

    2bd0a19e0727d2c719d2720e14922a93e73a0b9a1cc0ca294af4a4a49c2555d6

  • SHA512

    a977809154a3c3480b58ab71e5520f53de4d84730eca6de405e8d50003142c70435f1fc2ac010095245b0bd5de1273a61eb70bd1edb7b361c2959f5a7360de89

  • SSDEEP

    98304:cKaAh0104NS7FGwCh1CTLBMtMeUjafSUYGzHa5VRX:vlaf4XCbCTLBgMeUTYmRX

Score
10/10
sectopratdiscoveryrattrojan

Malware Config

Targets

    • Target

      2bd0a19e0727d2c719d2720e14922a93e73a0b9a1cc0ca294af4a4a49c2555d6.exe

    • Size

      4.1MB

    • MD5

      ae6fc990a0ac98c194956956411c571d

    • SHA1

      bbf60876c477672a96ecd3b1a9e7f6887fd24ce5

    • SHA256

      2bd0a19e0727d2c719d2720e14922a93e73a0b9a1cc0ca294af4a4a49c2555d6

    • SHA512

      a977809154a3c3480b58ab71e5520f53de4d84730eca6de405e8d50003142c70435f1fc2ac010095245b0bd5de1273a61eb70bd1edb7b361c2959f5a7360de89

    • SSDEEP

      98304:cKaAh0104NS7FGwCh1CTLBMtMeUjafSUYGzHa5VRX:vlaf4XCbCTLBgMeUTYmRX

    Score
    10/10
    sectopratdiscoveryrattrojan

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

      trojanratsectoprat

    • SectopRAT payload

    • Sectoprat family

      sectoprat

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks