Overview

overview

10

Static

static

3

ef0fc4d1fd...ec.exe

windows7-x64

10

ef0fc4d1fd...ec.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ef0fc4d1fd71b53bc88e2a2347195385f1a25b42254de683011fc4388ca796ec.exe

  • Size

    4.2MB

  • Sample

    250120-fnz1rasqbm

  • MD5

    499eba0173a1c75ee669125b067f5b2c

  • SHA1

    667747f8bb3451f56acc2a618c1f91be806a680f

  • SHA256

    ef0fc4d1fd71b53bc88e2a2347195385f1a25b42254de683011fc4388ca796ec

  • SHA512

    5b15fa3740a56fdadbbe7af067bb2f5aab86a314dacf080bca4aaef0d86bc42955ef915b603876c5feee4b51c5f01db8e4564144239ad25c6dbe2561656141de

  • SSDEEP

    98304:cKaAh0104NS7FGwCh1CTLBMtMeUjafSUYGzSxYcM/Ep:vlaf4XCbCTLBgMeUTYSScQEp

Score
10/10
sectopratdiscoveryrattrojan

Malware Config

Targets

    • Target

      ef0fc4d1fd71b53bc88e2a2347195385f1a25b42254de683011fc4388ca796ec.exe

    • Size

      4.2MB

    • MD5

      499eba0173a1c75ee669125b067f5b2c

    • SHA1

      667747f8bb3451f56acc2a618c1f91be806a680f

    • SHA256

      ef0fc4d1fd71b53bc88e2a2347195385f1a25b42254de683011fc4388ca796ec

    • SHA512

      5b15fa3740a56fdadbbe7af067bb2f5aab86a314dacf080bca4aaef0d86bc42955ef915b603876c5feee4b51c5f01db8e4564144239ad25c6dbe2561656141de

    • SSDEEP

      98304:cKaAh0104NS7FGwCh1CTLBMtMeUjafSUYGzSxYcM/Ep:vlaf4XCbCTLBgMeUTYSScQEp

    Score
    10/10
    sectopratdiscoveryrattrojan

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

      trojanratsectoprat

    • SectopRAT payload

    • Sectoprat family

      sectoprat

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks