sectoprat | 6d97edcab4d3d2e18c5d321b443be7b6d21084a305413de465a4e92f6df720c5 | Triage

Sharing

General

Target

6d97edcab4d3d2e18c5d321b443be7b6d21084a305413de465a4e92f6df720c5.zip
Size

1.8MB
Sample

250218-jqnx2syncp
MD5

ffdaec4e816f66406a5c25b46a00fd73
SHA1

8251b100a65fc7df3e6ad1c68c12c8642f44dcd4
SHA256

6d97edcab4d3d2e18c5d321b443be7b6d21084a305413de465a4e92f6df720c5
SHA512

f153850d87e1cde269cb3833b9079b8a75f39bd2bf9803feb2dbb80243946fbac27b33103b5717b6ce0bcaf60bc1a1fa3ec9a213b22c2f915dde0a5949685a02
SSDEEP

49152:5qTfGN7Gysm+DSbzoevdoOWRYITEhY4Q+9df+xyhh0gaAV:oCBAmPFv6f2ITEhY0fQh6

Score

10^/10

sectoprat discovery rat trojan

Malware Config

Targets

- Target
  
  Manifest/DuiLib_u.dll
- Size
  
  840KB
- MD5
  
  27cdf66f9b92629a7dc8109d9590efec
- SHA1
  
  fc96fa0eae6d60adea067f17e9de063597f3227e
- SHA256
  
  5919ad0385b6465801fb44c00a79ec224a14cb8655c883ba4b564449fa3dcefd
- SHA512
  
  90f9bcacab284fa91d051a73f197b17049801130cf17df5f8b7656b92c19deccbd72659d12226897f47d16da37cf05fca96be5cf3688ff8bc297630e9c2ab554
- SSDEEP
  
  12288:Bcy4dL6U7sUGCzzOOUS/9v8W7ykIYEviIMm:BId9CcUS/90IyBYa1
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  Manifest/SplashWin.exe
- Size
  
  446KB
- MD5
  
  4d20b83562eec3660e45027ad56fb444
- SHA1
  
  ff6134c34500a8f8e5881e6a34263e5796f83667
- SHA256
  
  c5e650b331fa5292872fdaede3a75c8167a0f1280ce0cd3d58b880d23854bdb1
- SHA512
  
  718bd66fcff80b8008a4523d88bd726cdbc95e6e7bdb3f50e337e291294505ed54e6f5995d431968b85415e96f6f7ed37381ca021401ad57fda3b08a1f0c27f4
- SSDEEP
  
  3072:unfVdw78434ei8HQbmiFp4KA+3Glxlwim2n/Xq0DdMqsxN4GnLG5N:W9dKxn/Xq082GLGX
Score

10^/10

sectoprat discovery rat trojan
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Sectoprat family
  sectoprat
- Suspicious use of SetThreadContext
behavioral3 behavioral4
- Target
  
  Manifest/basinful.odp
- Size
  
  58KB
- MD5
  
  984e6cd075b61eb5993f0a103c37e6cd
- SHA1
  
  8ef89a1fe86c6b5e34b50962738bee7fd1f40cae
- SHA256
  
  37cfc0ece89f5b3acd99a90d56357f1bf27d35a10977bb2fac6a1d2ddc649258
- SHA512
  
  af0c3625c29e95c9693ba7f2164941453d1e0aec74eddda1f74ec412e732a697987074ca29c9d0c6b5b7571014a212f4295d19cb10be7616c1feca032bdf321c
- SSDEEP
  
  1536:jQY3ruZuYgWqNzYsZ2bQJqHGBOl/Fm2LianahD:jQoEuYgW8FMQYmM66r4
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  Manifest/msvcp140.dll
- Size
  
  437KB
- MD5
  
  e9f00dd8746712610706cbeffd8df0bd
- SHA1
  
  5004d98c89a40ebf35f51407553e38e5ca16fb98
- SHA256
  
  4cb882621a3d1c6283570447f842801b396db1b3dcd2e01c2f7002efd66a0a97
- SHA512
  
  4d1ce1fc92cea60859b27ca95ca1d1a7c2bec4e2356f87659a69bab9c1befa7a94a2c64669cef1c9dadf9d38ab77e836fe69acdda0f95fa1b32cba9e8c6bb554
- SSDEEP
  
  12288:9822+H2EIqZ14mVYh8vN4xyoZPeKjuYMc+MQQQjhUgiW6QR7t5s03Ooc8dHkC2eF:9822+H2Y4mVYh44xyoZPHaw03Ooc8dHd
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  Manifest/vcruntime140.dll
- Size
  
  74KB
- MD5
  
  a554e4f1addc0c2c4ebb93d66b790796
- SHA1
  
  9fbd1d222da47240db92cd6c50625eb0cf650f61
- SHA256
  
  e610cdac0a37147919032d0d723b967276c217ff06ea402f098696ab4112512a
- SHA512
  
  5f3253f071da3e0110def888682d255186f2e2a30a8480791c0cad74029420033b5c90f818ae845b5f041ee4005f6de174a687aca8f858371026423f017902cc
- SSDEEP
  
  1536:JhQmqDRK9IfURwL67cuhH6poqPpep4yW3UecbiT18ozr:Jh+DRGI86L6gshupXUecbiTB
Score

3^/10

discovery
behavioral10 behavioral9

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

sectopratdiscoveryrattrojan

behavioral4

sectopratdiscoveryrattrojan

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10