sectoprat | 1002b5f38bce8988215ebfb62452d5f19279053573c0faf071f651861ca4ad28 | Triage

Submit
Reports

Overview

overview

Static

static

1

1002b5f38b...28.exe

windows7-x64

1002b5f38b...28.exe

windows10-2004-x64

Sharing

General

Target

1002b5f38bce8988215ebfb62452d5f19279053573c0faf071f651861ca4ad28.exe
Size

55.0MB
Sample

250128-l7m37avqdw
MD5

5653ea2576b83a727ad2de3a95cb0150
SHA1

89fc6e98adcb3fe597db6315460180b3812fa439
SHA256

1002b5f38bce8988215ebfb62452d5f19279053573c0faf071f651861ca4ad28
SHA512

e0b4a11a4105eb917a2479704430d77e6dd87714e66fc7ea8500e4d40d63cef071d6aca1c0d3f73ae79f2006beec08ff1cb6d5d80546260ea74bcdc42f59d928
SSDEEP

1572864:k1jtZHyiLYnqk/tir8sBrDRDZhazK7tDboe0+:4jvHydqk5cn7hazO5b0+

Score

10^/10

sectoprat discovery rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

1002b5f38bce8988215ebfb62452d5f19279053573c0faf071f651861ca4ad28.exe

Resource

win7-20241010-en

sectoprat discovery rat spyware stealer trojan

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

1002b5f38bce8988215ebfb62452d5f19279053573c0faf071f651861ca4ad28.exe

Resource

win10v2004-20241007-en

sectoprat discovery rat trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  1002b5f38bce8988215ebfb62452d5f19279053573c0faf071f651861ca4ad28.exe
- Size
  
  55.0MB
- MD5
  
  5653ea2576b83a727ad2de3a95cb0150
- SHA1
  
  89fc6e98adcb3fe597db6315460180b3812fa439
- SHA256
  
  1002b5f38bce8988215ebfb62452d5f19279053573c0faf071f651861ca4ad28
- SHA512
  
  e0b4a11a4105eb917a2479704430d77e6dd87714e66fc7ea8500e4d40d63cef071d6aca1c0d3f73ae79f2006beec08ff1cb6d5d80546260ea74bcdc42f59d928
- SSDEEP
  
  1572864:k1jtZHyiLYnqk/tir8sBrDRDZhazK7tDboe0+:4jvHydqk5cn7hazO5b0+
Score

10^/10

sectoprat discovery rat spyware stealer trojan
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Sectoprat family
  sectoprat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

sectopratdiscoveryratspywarestealertrojan

behavioral2

sectopratdiscoveryrattrojan

© 2018-2025

Terms | Privacy