sectoprat | 0b3a5a436be69f5e20ac0fd84dab58e27abb3cc5ecb821a182da5a3c25418feb | Triage

Sharing

General

Target

KSCMWOLPRKU31OY0O7IA05ZD.exe
Size

4.0MB
Sample

250209-sb8tcavnf1
MD5

0b32762b67c07329013d3b4f01b9f840
SHA1

6cc1205ae97744ae4ebfed85577404a03e4d64f0
SHA256

0b3a5a436be69f5e20ac0fd84dab58e27abb3cc5ecb821a182da5a3c25418feb
SHA512

836d54d2ff9bec071c49746e23e82ff9bafc24547ffaad6c37d18b8b9eeab47f25dd8bf88217e02cef38e298be197714177774a37689c72022f5b1795cd85ae9
SSDEEP

98304:vmH01flvieIOBNZSAHVnAELyOpGKOnxz9M5iCj:eUfhIOB/HVnfLyOOxB8vj

Score

10^/10

sectoprat discovery persistence rat spyware trojan

Malware Config

Targets

- Target
  
  KSCMWOLPRKU31OY0O7IA05ZD.exe
- Size
  
  4.0MB
- MD5
  
  0b32762b67c07329013d3b4f01b9f840
- SHA1
  
  6cc1205ae97744ae4ebfed85577404a03e4d64f0
- SHA256
  
  0b3a5a436be69f5e20ac0fd84dab58e27abb3cc5ecb821a182da5a3c25418feb
- SHA512
  
  836d54d2ff9bec071c49746e23e82ff9bafc24547ffaad6c37d18b8b9eeab47f25dd8bf88217e02cef38e298be197714177774a37689c72022f5b1795cd85ae9
- SSDEEP
  
  98304:vmH01flvieIOBNZSAHVnAELyOpGKOnxz9M5iCj:eUfhIOB/HVnfLyOOxB8vj
Score

10^/10

sectoprat discovery persistence rat spyware trojan
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Sectoprat family
  sectoprat
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Enumerates processes with tasklist
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sectopratdiscoverypersistenceratspywaretrojan

behavioral2

sectopratdiscoverypersistenceratspywaretrojan