Overview

overview

10

Static

static

1

08.msi

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    08.qtt

  • Size

    5.7MB

  • Sample

    250325-zp9q5awlw4

  • MD5

    436b14fb3637af66cfd787869decbb6f

  • SHA1

    b94dab2a8de781973507172017019f0d89527056

  • SHA256

    1bd7e0c46933e8dc11cb5375fe14600575ceed6f09fc14fc8b56032524f8bb42

  • SHA512

    caad869b295e222c0999a8eee8f270e2d1b937484c69cbf9154211db4f30237d4277ae1549e34fe842f8dbf72660c2d3023eb65bad90d07cec2a23f902b2c0dd

  • SSDEEP

    98304:9Yrd1ALFlGmyUMCW/x/64I7gXbzZFx7eG7eI243u/HyuuOneWFug3X:2yFlPyU32i4ISNh5243u/HAlW

Score
10/10
sectopratdiscoverypersistenceprivilege_escalationrattrojan

Malware Config

Targets

    • Target

      08.qtt

    • Size

      5.7MB

    • MD5

      436b14fb3637af66cfd787869decbb6f

    • SHA1

      b94dab2a8de781973507172017019f0d89527056

    • SHA256

      1bd7e0c46933e8dc11cb5375fe14600575ceed6f09fc14fc8b56032524f8bb42

    • SHA512

      caad869b295e222c0999a8eee8f270e2d1b937484c69cbf9154211db4f30237d4277ae1549e34fe842f8dbf72660c2d3023eb65bad90d07cec2a23f902b2c0dd

    • SSDEEP

      98304:9Yrd1ALFlGmyUMCW/x/64I7gXbzZFx7eG7eI243u/HyuuOneWFug3X:2yFlPyU32i4ISNh5243u/HAlW

    Score
    10/10
    sectopratdiscoverypersistenceprivilege_escalationrattrojan

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

      trojanratsectoprat

    • SectopRAT payload

    • Sectoprat family

      sectoprat

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks