Overview

overview

10

Static

static

1

network_fix.msi

windows7-x64

6

network_fix.msi

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    network_fix.msi

  • Size

    20.9MB

  • Sample

    250215-w8xn5aykbr

  • MD5

    2e857aab406f072738ef04bd18e8fc05

  • SHA1

    73e60b1a9ca549ff643301b91faa53c67fea7529

  • SHA256

    11a2c6854f88e833ac2fc1d4ddfe0b1ec64368a53ab3a60fe6f81e8ede764712

  • SHA512

    0672b64e53686f1cf53e9ab67e428a1afe9ba25de67996be098dcf5325b47c6d077cb7f5a40e4d6378e24bec32eb8f3b95ccff479e69116447b430f2b35c74f9

  • SSDEEP

    393216:bMabaNaYZEXw2rvHiNXvxDCjfxxeuBM7yLXgqjx6OeFJovR1zQz4lqsNCG/:IsYv27CNXifK7yrg9F2vR12s5/

Score
10/10
sectopratdiscoverypersistenceprivilege_escalationratspywarestealertrojan

Malware Config

Targets

    • Target

      network_fix.msi

    • Size

      20.9MB

    • MD5

      2e857aab406f072738ef04bd18e8fc05

    • SHA1

      73e60b1a9ca549ff643301b91faa53c67fea7529

    • SHA256

      11a2c6854f88e833ac2fc1d4ddfe0b1ec64368a53ab3a60fe6f81e8ede764712

    • SHA512

      0672b64e53686f1cf53e9ab67e428a1afe9ba25de67996be098dcf5325b47c6d077cb7f5a40e4d6378e24bec32eb8f3b95ccff479e69116447b430f2b35c74f9

    • SSDEEP

      393216:bMabaNaYZEXw2rvHiNXvxDCjfxxeuBM7yLXgqjx6OeFJovR1zQz4lqsNCG/:IsYv27CNXifK7yrg9F2vR12s5/

    Score
    10/10
    discoverypersistenceprivilege_escalationsectopratratspywarestealertrojan

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

      trojanratsectoprat

    • SectopRAT payload

    • Sectoprat family

      sectoprat

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

1
T1546

Installer Packages

1
T1546.016

Privilege Escalation

Event Triggered Execution

1
T1546

Installer Packages

1
T1546.016

Defense Evasion

System Binary Proxy Execution

1
T1218

Msiexec

1
T1218.007

Credential Access

Credentials from Password Stores

1
T1555

Credentials from Web Browsers

1
T1555.003

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Peripheral Device Discovery

2
T1120

Query Registry

3
T1012

System Information Discovery

2
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

System Network Configuration Discovery

1
T1016

Internet Connection Discovery

1
T1016.001

Lateral Movement

Collection

Data from Local System

1
T1005

Command and Control

Exfiltration

Impact

Tasks