Overview

overview

10

Static

static

1

383af7126e...6c.exe

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    383af7126e2e28748b4b75c66cc3406933a935931185d37b672a033cb193a26c.exe

  • Size

    1.9MB

  • Sample

    250306-znyx8sxsh1

  • MD5

    538aeeefac0c750a2f506a6f3815c7ae

  • SHA1

    4ae1eb347e7f73618824d1c5e58dd7f0eab31848

  • SHA256

    383af7126e2e28748b4b75c66cc3406933a935931185d37b672a033cb193a26c

  • SHA512

    ae7eb66f9e2e83442a72b9b837e3ab0d36fa16cf8b45609055d569d2d1e63c63190eb93079450a60fb3b908844144b186c6e180a0c586a7c82fd0f2290890c81

  • SSDEEP

    24576:RMjhoB0NyTZsOtuzkYSDmzfTDIas2Mko9DTTQjrChAkBIsamQFrj0p/C2Y:oRy1sOLDMaRkUTQfkBIS0D7

Score
10/10
sectopratdiscoveryexecutionrattrojan

Malware Config

Targets

    • Target

      383af7126e2e28748b4b75c66cc3406933a935931185d37b672a033cb193a26c.exe

    • Size

      1.9MB

    • MD5

      538aeeefac0c750a2f506a6f3815c7ae

    • SHA1

      4ae1eb347e7f73618824d1c5e58dd7f0eab31848

    • SHA256

      383af7126e2e28748b4b75c66cc3406933a935931185d37b672a033cb193a26c

    • SHA512

      ae7eb66f9e2e83442a72b9b837e3ab0d36fa16cf8b45609055d569d2d1e63c63190eb93079450a60fb3b908844144b186c6e180a0c586a7c82fd0f2290890c81

    • SSDEEP

      24576:RMjhoB0NyTZsOtuzkYSDmzfTDIas2Mko9DTTQjrChAkBIsamQFrj0p/C2Y:oRy1sOLDMaRkUTQfkBIS0D7

    Score
    10/10
    sectopratdiscoveryexecutionrattrojan

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

      trojanratsectoprat

    • SectopRAT payload

    • Sectoprat family

      sectoprat

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to execute payload.

      execution
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks