Overview

overview

10

Static

static

3

f533a1a6bb...e6.exe

windows7-x64

10

f533a1a6bb...e6.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f533a1a6bbb0202eef4218189bfece12402b1d7a3cb5ab4f60715d2e870a44e6.exe

  • Size

    3.8MB

  • Sample

    250120-fqneqssndz

  • MD5

    f1acca2781c6f31989fb868af45885ab

  • SHA1

    30a06923775f424f8449452df7755c107e8cb5d5

  • SHA256

    f533a1a6bbb0202eef4218189bfece12402b1d7a3cb5ab4f60715d2e870a44e6

  • SHA512

    3e10116ea0dff08901970e8cf13f249f7c614a2075c1dec59b93e002a268d897ed8f73bba328bfccc77acfee4182477734254df22a62ad2e7cdd6d3175c242b3

  • SSDEEP

    98304:cKaAh0104NS7FGwCh1CTLBMtMeUjafSUYGzXqjTrZ1:vlaf4XCbCTLBgMeUTYav7

Score
10/10
sectopratdiscoveryrattrojan

Malware Config

Targets

    • Target

      f533a1a6bbb0202eef4218189bfece12402b1d7a3cb5ab4f60715d2e870a44e6.exe

    • Size

      3.8MB

    • MD5

      f1acca2781c6f31989fb868af45885ab

    • SHA1

      30a06923775f424f8449452df7755c107e8cb5d5

    • SHA256

      f533a1a6bbb0202eef4218189bfece12402b1d7a3cb5ab4f60715d2e870a44e6

    • SHA512

      3e10116ea0dff08901970e8cf13f249f7c614a2075c1dec59b93e002a268d897ed8f73bba328bfccc77acfee4182477734254df22a62ad2e7cdd6d3175c242b3

    • SSDEEP

      98304:cKaAh0104NS7FGwCh1CTLBMtMeUjafSUYGzXqjTrZ1:vlaf4XCbCTLBgMeUTYav7

    Score
    10/10
    sectopratdiscoveryrattrojan

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

      trojanratsectoprat

    • SectopRAT payload

    • Sectoprat family

      sectoprat

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks