Overview

overview

10

Static

static

10

target.ps1

windows7-x64

8

target.ps1

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    target.ps1

  • Size

    76B

  • Sample

    250220-tmcqqaznz7

  • MD5

    a7719ce770225ad8fd81d6ad8ee8eec2

  • SHA1

    bf61e43b55a0c29362e4e152cc77040981a4fd17

  • SHA256

    3f7920a0497fdf8ee49a81e8c1ded39ac30610a758589086e5aad0cd3ccd26f9

  • SHA512

    9a0feb19432c689ee5edeb2438f4a2d652f10b68539968fa4ff84b17c6df5e3b2831823051994f4a45829ba78eb2c6281cb72da666769a00ca37687f6c01b6ac

Score
10/10
sectopratdiscoveryexecutionrattrojan

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
ps1.dropper

http://45.61.159.14/t/saw

Targets

    • Target

      target.ps1

    • Size

      76B

    • MD5

      a7719ce770225ad8fd81d6ad8ee8eec2

    • SHA1

      bf61e43b55a0c29362e4e152cc77040981a4fd17

    • SHA256

      3f7920a0497fdf8ee49a81e8c1ded39ac30610a758589086e5aad0cd3ccd26f9

    • SHA512

      9a0feb19432c689ee5edeb2438f4a2d652f10b68539968fa4ff84b17c6df5e3b2831823051994f4a45829ba78eb2c6281cb72da666769a00ca37687f6c01b6ac

    Score
    10/10
    executionsectopratdiscoveryrattrojan

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

      trojanratsectoprat

    • SectopRAT payload

    • Sectoprat family

      sectoprat

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks