General

  • Target

    ed56c4c1bf05d9d47ec9b177384ac8b844e109dcaa12e7c1c1661ba53144c848.exe

  • Size

    55.0MB

  • Sample

    250128-l5nlyavrbk

  • MD5

    abdc1a46baac2dcd5bb559cd0837f197

  • SHA1

    6a14fd1ebe171f3de1d1d61b7f51b7205d1fdb7d

  • SHA256

    ed56c4c1bf05d9d47ec9b177384ac8b844e109dcaa12e7c1c1661ba53144c848

  • SHA512

    98dc6074d6a527693e37324ddc1cc6926c07c0f11bb96ecdf3bdde41889281f5bde208d6901567cab0d6199c39806abb5bc2c73e199aef31a281f4a5f1df15d6

  • SSDEEP

    1572864:q1jtZHyiLYnqk/tir8sBrDRDZhazK7tDboe0l:OjvHydqk5cn7hazO5b0l

Targets

    • Target

      ed56c4c1bf05d9d47ec9b177384ac8b844e109dcaa12e7c1c1661ba53144c848.exe

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Sectoprat family

    • Checks computer location settings

      Reads the country code configured in the registry, most likely to geofence execution to (or away from) particular regions.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2
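
The two registry-based behaviours flagged above, the locale lookup ("Checks computer location settings") and the autostart entry ("Drops startup file"), are easy to pick out of an API or registry trace once you know which paths matter. The following is an added example, not part of the sandbox report and not SectopRAT code: it classifies registry events from a constructed trace. The trace line format (`pid|image|operation|path`), the process IDs and the specific values read are invented for illustration; the report does not say which registry value this sample queried, so the list of locale/country paths is an assumption about where Windows keeps that information, and only the sample's file name is taken from the report.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Registry paths that commonly hold the configured country/locale. These are
# ASSUMED typical targets of a geofence lookup; the report does not name the
# exact value this sample read.
GEO_KEY_PATTERNS = [
    re.compile(r"\\Control Panel\\International\\Geo\\(Nation|Name)$", re.I),
    re.compile(r"\\Control Panel\\International\\(LocaleName|sCountry)$", re.I),
    re.compile(r"\\Control\\Nls\\Language\\(Default|InstallLanguage)$", re.I),
]

# Autostart locations: a write here is the registry side of "Drops startup
# file" persistence. Also an assumed list, not taken from the report.
RUN_KEY_PATTERN = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\[^\\]+$", re.I
)


@dataclass
class RegistryEvent:
    pid: int
    image: str
    operation: str  # e.g. RegOpenKey, RegQueryValue, RegSetValue
    path: str       # full key\value path


def parse_event(line: str) -> RegistryEvent:
    """Parse one constructed trace line of the form pid|image|operation|path."""
    pid, image, op, path = line.rstrip("\n").split("|", 3)
    return RegistryEvent(int(pid), image, op, path)


def is_geo_lookup(ev: RegistryEvent) -> bool:
    """A read of a locale/country value: candidate geofence check."""
    if ev.operation.lower() not in {"regqueryvalue", "regopenkey"}:
        return False
    return any(p.search(ev.path) for p in GEO_KEY_PATTERNS)


def is_run_key_write(ev: RegistryEvent) -> bool:
    """A write under Run/RunOnce: autostart persistence."""
    return ev.operation.lower() == "regsetvalue" and bool(RUN_KEY_PATTERN.search(ev.path))


def triage(lines: List[str]) -> Dict[str, List[RegistryEvent]]:
    """Bucket suspicious registry activity; everything else is dropped."""
    findings: Dict[str, List[RegistryEvent]] = {"geofence": [], "persistence": []}
    for ev in map(parse_event, lines):
        if is_geo_lookup(ev):
            findings["geofence"].append(ev)
        elif is_run_key_write(ev):
            findings["persistence"].append(ev)
    return findings


# Constructed trace (not from the sandbox report). Only the sample's image
# name comes from the report; the events themselves are invented.
SAMPLE = "ed56c4c1bf05d9d47ec9b177384ac8b844e109dcaa12e7c1c1661ba53144c848.exe"
TRACE = [
    f"4120|{SAMPLE}|RegOpenKey|HKCU\\Control Panel\\International",
    f"4120|{SAMPLE}|RegQueryValue|HKCU\\Control Panel\\International\\Geo\\Nation",
    f"4120|{SAMPLE}|RegQueryValue|HKCU\\Control Panel\\International\\LocaleName",
    "1044|explorer.exe|RegQueryValue|HKCU\\Control Panel\\Desktop\\Wallpaper",
    f"4120|{SAMPLE}|RegSetValue|HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater",
    "1044|explorer.exe|RegQueryValue|HKCU\\Control Panel\\International\\LocaleName",
]

if __name__ == "__main__":
    for kind, events in triage(TRACE).items():
        for ev in events:
            print(f"{kind:12} pid={ev.pid} {ev.image} {ev.operation} {ev.path}")
```

Note that the benign explorer.exe read of LocaleName is flagged as well: locale lookups are common in legitimate software, which is why the report hedges with "likely geofence". The read only becomes meaningful when the same process also shows the other behaviours in this list (dropped EXE, autostart entry, contact with abused hosting services), so correlate by process rather than alerting on the key read alone.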
