sectoprat | 1a34c9b4500cf7859c36c102209902202fb7188aca1ba759f2d5018bf2655cc1 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

Lancaster.zip

windows10-ltsc 2021-x64

Lancaster.zip

windows11-21h2-x64

1

Sharing

General

Target

Lancaster.zip
Size

7.5MB
Sample

250312-tr9w1sxk18
MD5

aa29ff8dcbfb8156eba033e28f03a04f
SHA1

1453014278c8891fce9685c0a6bd4d079a763c24
SHA256

1a34c9b4500cf7859c36c102209902202fb7188aca1ba759f2d5018bf2655cc1
SHA512

14a8efc38a3dd0215b5b9587c80740681e0464f075ee777389e9458411590cf3cdd3eb0a7ef328effea5ae0ddc6e6af20266ed88717743cd46b364e0736c3eef
SSDEEP

196608:GHSvJ6cIKoyGu1Rox8S3E06jJ/lSeZ/zr1mzScXNwG6qyOmcwzr+o:GHSAzTZu1RoxhL6hhpzQS4Sbqxm1N

Score

10^/10

sectoprat credential_access discovery rat spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Lancaster.zip

Resource

win10ltsc2021-20250218-en

sectoprat credential_access discovery rat spyware stealer trojan

windows10-ltsc 2021-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

Lancaster.zip

Resource

win11-20250217-en

windows11-21h2-x64

0 signatures

150 seconds

Malware Config

Targets

- Target
  
  Lancaster.zip
- Size
  
  7.5MB
- MD5
  
  aa29ff8dcbfb8156eba033e28f03a04f
- SHA1
  
  1453014278c8891fce9685c0a6bd4d079a763c24
- SHA256
  
  1a34c9b4500cf7859c36c102209902202fb7188aca1ba759f2d5018bf2655cc1
- SHA512
  
  14a8efc38a3dd0215b5b9587c80740681e0464f075ee777389e9458411590cf3cdd3eb0a7ef328effea5ae0ddc6e6af20266ed88717743cd46b364e0736c3eef
- SSDEEP
  
  196608:GHSvJ6cIKoyGu1Rox8S3E06jJ/lSeZ/zr1mzScXNwG6qyOmcwzr+o:GHSAzTZu1RoxhL6hhpzQS4Sbqxm1N
Score

10^/10

sectoprat credential_access discovery rat spyware stealer trojan
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Sectoprat family
  sectoprat
- Uses browser remote debugging
  Can be used control the browser and steal sensitive information such as credentials and session cookies.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Modify Authentication Process

Privilege Escalation

Defense Evasion

Modify Authentication Process

Credential Access

Modify Authentication Process

Steal Web Session Cookie

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sectopratcredential_accessdiscoveryratspywarestealertrojan

behavioral2

© 2018-2025

Terms | Privacy