sectoprat | 115ce6446eddf3422212760d714babecf2bedbc1178c2d0990be1407fedf380f | Triage

Resubmissions

28-01-2025 18:23

250128-w1k1csxlfz 10

Sharing

General

Target

hw_update.zip
Size

3.7MB
Sample

250128-w1k1csxlfz
MD5

25d0372df2890f5e2c8f861aba619546
SHA1

33e638d7c0ec8013b790f6326f7ccecd9afd7bce
SHA256

115ce6446eddf3422212760d714babecf2bedbc1178c2d0990be1407fedf380f
SHA512

8a982f3873340bf95c3fba8efbc5c9d80a04b042b4daa2f01e247ab28ca645162925e237e71f6f2d57eec73787d09e101f93912bd235065209d240030e9dc7d7
SSDEEP

98304:e2UuIEWPinaJLLmlzNCS9+AwadoOIL4uih:erXqnuCchAS0uih

Score

10^/10

sectoprat discovery rat spyware trojan

Malware Config

Targets

- Target
  
  Package/Compil32.exe
- Size
  
  4.0MB
- MD5
  
  20d23b37c54fc1434ff3105a165cdac7
- SHA1
  
  9cb3811fb5f2ecacadc831d82e7e850abedc19ae
- SHA256
  
  8fa9074cd74cbcedc44b12999dbc5f4e51ea82caa24be18b073686229f1f9db8
- SHA512
  
  40eb9cc31a97996237e69d975efc1a3c22297403bef211427752926a331e9913801bacc7236e4a67ce988c110ccbda3dbd3e65bcc185d512cfc951b0e05fb409
- SSDEEP
  
  98304:ByzK9w6TfpPaVG5I+Juv5380exR4KuNFL3N:QWViB3Mwx
Score

10^/10

sectoprat discovery rat spyware trojan
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Sectoprat family
  sectoprat
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  Package/ISCmplr.dll
- Size
  
  1.4MB
- MD5
  
  c60b1956a21b2b79c3a0ddc10ddd01c0
- SHA1
  
  d4362e652e06dcb0b6ac26e69ecc38b129c9b6f2
- SHA256
  
  18dd5c992a02f29dca485fce30284e975d8e8c242f577e7e7a3a2fe109489898
- SHA512
  
  94e2612ec6de026e143fd11c9fb1a1831bb421f279ec3677600d20b2974580da4301da941c50f252176a1e04fcdc4438aa175d5efe462a817eedcdeebe6c37a5
- SSDEEP
  
  24576:evpi+m5gcRqRhfZJbeijupnY88z7XcjORV7:EYHg90tn8z0ORV
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

sectopratdiscoveryratspywaretrojan

behavioral2

sectopratdiscoveryratspywaretrojan

behavioral3

behavioral4