sectoprat

Sharing

Copy URL

Twitter E-mail

General

Target

27f189120b24ae77cc828653c93a89525994b9adf21c8fc55800469c562611d9.zip
Size

7.5MB
Sample

250218-jt9c6aynbv
MD5

cc7426d3d49798f6c38e69defbec82c6
SHA1

9a5ab04dfe1fdb35e013be794dc86e50beb4eb86
SHA256

27f189120b24ae77cc828653c93a89525994b9adf21c8fc55800469c562611d9
SHA512

46005487f4e53b0b59e4c785800ae5035ceb08eabd1fbf921e36789a189331b3694a407edaa55751e72ef3c6f1207a2618bbc1ee30b6bce4bd58b126a5cad64a
SSDEEP

98304:WRuix36kt5+JTjpBAMT55WWBrPdYdRU6usCbzKDYxUki9KJ72ePh:WRuix3rt54dVT5njYFuHI+ikJ72e5

Score

10^/10

Malware Config

Targets

- Target
  
  Compil32.exe
- Size
  
  4.0MB
- MD5
  
  20d23b37c54fc1434ff3105a165cdac7
- SHA1
  
  9cb3811fb5f2ecacadc831d82e7e850abedc19ae
- SHA256
  
  8fa9074cd74cbcedc44b12999dbc5f4e51ea82caa24be18b073686229f1f9db8
- SHA512
  
  40eb9cc31a97996237e69d975efc1a3c22297403bef211427752926a331e9913801bacc7236e4a67ce988c110ccbda3dbd3e65bcc185d512cfc951b0e05fb409
- SSDEEP
  
  98304:ByzK9w6TfpPaVG5I+Juv5380exR4KuNFL3N:QWViB3Mwx
Score

10^/10

sectoprat discovery rat trojan
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Sectoprat family
  sectoprat
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  ISCmplr.dll
- Size
  
  654.4MB
- MD5
  
  0388fe30094d401f387bfc5c4356d770
- SHA1
  
  46e192248ab0d13ebae023138681036ce77c445c
- SHA256
  
  9610bc6f0249cdc5a0e2f651122a0eebd9393284e2ad2cfbf3a5ff294a0acdc8
- SHA512
  
  d3d96ee0f3024e3b4a1b1853c568197f4b55921ac77e3e2774629af9cb0ddfc4b1c2f53ba534217fdea7d6c81aaa58958d3d03d0da46c61dce840ae19dfc2ccb
- SSDEEP
  
  24576:qvpC+m5gcRqRhfZJbeijupnY88z7XcjOROJo:AkHg90tn8z0OROO
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  bindcompdbx290.bpl
- Size
  
  338KB
- MD5
  
  34929ad042282a3098fbd9eb2585edf1
- SHA1
  
  05f6c2a54a91692463dc9b15a43e98068b4c2775
- SHA256
  
  d4754e49dab4b1083be1793de01d680ccc357b7872203eb24337a442e9f671f9
- SHA512
  
  2a24527110356d4def51caa67d415d96394972f0c5a3ce95e8860c581a44d4262026f0937e71eda095adc6751ff9d4415f68efab23570a6d720796cd5cbf5901
- SSDEEP
  
  6144:bCsS7RuBe1SslzGocbuH1gnFH+bOKxM3tAfZu8:4lzGocbuH1gnFH+7xat8
Score

1^/10
behavioral5 behavioral6
- Target
  
  bindcompfmx290.bpl
- Size
  
  1.1MB
- MD5
  
  5449789fca1d966c9194d8063e028c72
- SHA1
  
  3993050197ea3ec0667cf65230b46497ac2b9637
- SHA256
  
  a9fc8861dd2e1f7abaefbd317156221091471bc7bf141d105147deb1881adc25
- SHA512
  
  afb66f678847c7bf42d3ead73534698b95d40b9f6f087d728324af3f479195d151113591c564720faf49b719efc299ecd9fbc5289b0a3bbfc4223f80e1faece5
- SSDEEP
  
  6144:IE6GPBHMRGIiWjmJTknSRuhCjSe5Wubyi3yw+JBwhDKatfh:vtFxWdnRCjSI3yfJBwhDKatfh
Score

1^/10
behavioral7 behavioral8
- Target
  
  bindcompvcl290.bpl
- Size
  
  439KB
- MD5
  
  5c44c8c04919a959d03f47996ee0e133
- SHA1
  
  4d70f869b33f30fd1d6b40654504774d12f627df
- SHA256
  
  f07bb6dcd50ee81d1a00f2e56ec959d449a1b445e60801f8ed1016c976c2647e
- SHA512
  
  08a3a6a9cb4701f7de732d7ce15476fc99e1070da875c50eb37e50f7a787d40e55a2a4097e88a0a3849e00891a5838bbdf560fc98d63bd0f1f6494569eb1baed
- SSDEEP
  
  6144:GSYswQcpI/2XVWOPezyt0FgLYgQC9XUfGSG:ZcpI/QVWFzruXAGSG
Score

1^/10
behavioral10 behavioral9
- Target
  
  dsnap290.bpl
- Size
  
  594KB
- MD5
  
  b200bc9ad146fdf9874a35848822e5eb
- SHA1
  
  c93fdf4babdace5e4d99f76852641dc78450fe5d
- SHA256
  
  686f8fc15111ac3c165d779a0298663f653d55643f7ae9d3c2e9943221273429
- SHA512
  
  732daa9c17a4488bbf4bb0cb31eeb56ec2b1fae5881d1d16c520ffc77f69b1c3626f5f6458525fc190fe6d304e7fee178291ce79d1f3363f3fb480e1562316cd
- SSDEEP
  
  3072:Z+r+UAP02WP/AVVvKifQC/T5yq38McK2DFUIg8hsNrsZioJ0wBkhuqj0Qy+vZb5d:Ir+0s7QC/dsMcKYdQPSDSA/mJj9sOOe7
Score

1^/10
behavioral11 behavioral12
- Target
  
  dsnapcon290.bpl
- Size
  
  199KB
- MD5
  
  42ecd044764e64ea469f4e12bc07f608
- SHA1
  
  27548d8cc19020ebd89b7661b6b18952dc85c049
- SHA256
  
  ee1629002e71d43546776607993851c6e5bbe529e3e8694fd4dcd52ee162ccdc
- SHA512
  
  9c2dff533dcf5d343263f6c17d62c3cec6abf1f038c68b44331088ca28b7d80cb8ca0ab0b8175f44f59919b3360a0c3e328789c7c6ac141e9ccc4b581d4176cd
- SSDEEP
  
  1536:pOd65bxa8tA2Yv/XQ9Fwh67YyCDAzexfZ1EyK22zK/1RKW3BDofZaRpKmKAU26TZ:lbo8toXMGh6ZMbE6KWEa/KHHxw2d
Score

1^/10
behavioral13 behavioral14
- Target
  
  dsnapxml290.bpl
- Size
  
  58KB
- MD5
  
  4d2f88dfdef3eb77fc822dc6b4a7b86c
- SHA1
  
  b13a387735c2dc715defb9aa99ef61bd8293c403
- SHA256
  
  fd2e1b4b41828252ad0e6e194cb6f84333829b791ea04bd4b7900f83e517444e
- SHA512
  
  31f9eecbc04bdb6a91055079a7c79c431354a7be6bf7c1df1938d6ec5d35e5c4a14470bfefcfde8897f29493ca92d454e68a9c8e0fcb1cb78d4606642c02ed08
- SSDEEP
  
  768:6Zdm/CPIrJUntMOssssssssE3xq3xnuSU2htxvBEsPX:ud6CP/CLMZuSjhtxhPX
Score

1^/10
behavioral15 behavioral16
- Target
  
  dunitrtl290.bpl
- Size
  
  473KB
- MD5
  
  6686f73d1a0413365dd3f5d8f2fd93cd
- SHA1
  
  f24b6086aa61ec96c97eb5a7488fd85bb836d82e
- SHA256
  
  910bc779297a6d9729ff3f51d7b6cb358df69c6941101aa5654491ea510a73a6
- SHA512
  
  818a612bb3c18450f0cc7d6f45d04d2496d609c6120eb897012ff3ca631d66ab72a042ddff905ea8fbb851c5852779febe591078146b6c4989528632ae2f56ce
- SSDEEP
  
  6144:XhD7iRKlhRnCWYabau5AijOp0CRLoQ3oYwqNvSBxNcC5JQRgfr:XLNnWytc8QWfr
Score

1^/10
behavioral17 behavioral18
- Target
  
  emsclient290.bpl
- Size
  
  537KB
- MD5
  
  1b0c61f85d14984e0f7ac7589c0f0a83
- SHA1
  
  a51f94ec5a031242cf2f9305307484178dd69f52
- SHA256
  
  d32d02c1102a7645ec5af85289b2d445aadb6645374a7b04c8bb3f4479c9c522
- SHA512
  
  a787ca0729b13de24bb7ae101e7dac4129ef625ea483c9cf58c4581ff48ca1ee757a67cb122130da927e2fb40d6aa3c5bf0f7944dd712d5c935cecfc0aa2efa7
- SSDEEP
  
  6144:PqfNVxGpWAA9JJL58zV1cYiAYwGQu0YkOYyDCxs7rLCAceq3X:PqfNfWZuvkACxs7rnq3X
Score

1^/10
behavioral19 behavioral20
- Target
  
  emsclientfiredac290.bpl
- Size
  
  72KB
- MD5
  
  3c55d794bbf87837c97ded8edb5b217b
- SHA1
  
  c946899b6f7c4f603e7904b6bf4e5289351c9ace
- SHA256
  
  81afc6e39f82836e359004207b786832566c456e0864cbb6cd3bf7d90cc04716
- SHA512
  
  330fb31ef0c1f9040c714c7afd3ac948976c753cd8d04515f605b551502047bbe884aabfc10556155173c8dd025c4b4b14ff5ae4e6f4230503892a08cc40330f
- SSDEEP
  
  768:Xdd4MPtxrEeIuiWfk7oIkARWj1xssssssssyo2oCVU2yqMGpDtxvBEsP0e:Nd5P3kmARo9p6PPDtxhPb
Score

1^/10
behavioral21 behavioral22
- Target
  
  emsedge290.bpl
- Size
  
  273KB
- MD5
  
  0523b2a3a9bc35b1413edc48b390ee92
- SHA1
  
  23d2f273409f9d89e2de0fe0d5a935766357f877
- SHA256
  
  51143db29e8872027f5442217f9a77343ea2fb877e85c95a6c2baa993b5c1fd1
- SHA512
  
  e11eb2d091abf8218b38094d7a26faedafcc3e42c49fe37be9e81998468984f6317e1ce86e28b55bf183aaf52e79cb3b1f20c6d50d9057b2532f4cd0c83ec305
- SSDEEP
  
  3072:3vUJFGT7C1AVGGeA+LUCIJqT+l+ve/eGLvlj05utd5:3vUNAYAKwJqT+l+vYeGRQE75
Score

1^/10
behavioral23 behavioral24
- Target
  
  emshosting290.bpl
- Size
  
  761KB
- MD5
  
  af28c79c392b239db5b4c870cee62e6d
- SHA1
  
  543ba2042940e6a3fad5d95bfc06cabb46ceb014
- SHA256
  
  04102ccbd843f0f825a979f9e4ac57021e7250b02d6eb8eee18a6125fda47725
- SHA512
  
  34849fdb3f30170906fc30caf872d28949e14bcad541a22377d32f8bffea88e19e959d74c41e87356d03750f8448e530dba77994fdf7d5679e3e0ddad0161e7c
- SSDEEP
  
  6144:BYVHcgaNd9WVVin09OWCMCUEFbQzO3VyTpx7VV3yuJTZAi1tSMoiMlhVxZD:rd9wVin09OWBCUEFbsO3VgnDCEjoi8hJ
Score

1^/10
behavioral25 behavioral26
- Target
  
  rectum.pptx
- Size
  
  56KB
- MD5
  
  97be2802620294b180fa4e025f5580e1
- SHA1
  
  d405925fef2329436e982025cb85b2b97d2d57f7
- SHA256
  
  9b73dd457bf7ef276c3aaabda5f184b5d7bcf4e350744977aa16d17fcb1523d1
- SHA512
  
  1125d6451431507dfe64cf54c8445a3aeb18786c2a16a6a8e88405fe6be8f94cbfe4b8188a6e7c01868d64335b6288a7648ffaa100fba5fb6080096d95aa53d5
- SSDEEP
  
  1536:2ZOhGAThkQpEbl6QHsYhxbQ6z+QvceWF1UnA:kgNhLEbl6QR/cM6F1UA
Score

3^/10

discovery
behavioral27 behavioral28

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

SectopRAT payload

Sectoprat family

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28