sectoprat | 8afa3ec25a09a7b41f78fd1cd3d69de3c55c158b9c99f58c59db15220d520636 | Triage

Sharing

General

Target

2025-03-29_9dbe5cb9c6e6dcc6bbda409b0e2f60ab_black-basta_cobalt-strike_ryuk_satacom
Size

1.3MB
Sample

250329-1pwd6stzbz
MD5

9dbe5cb9c6e6dcc6bbda409b0e2f60ab
SHA1

cafa259bf42b79ebc467ce248cab97b55876e51f
SHA256

8afa3ec25a09a7b41f78fd1cd3d69de3c55c158b9c99f58c59db15220d520636
SHA512

d89a36bb13e5da61a16b8e8a174d30e916d5d2f5012b490d5355d1817cc060a9c7b33954a59f185dc61784317734071bc49dfcbeddd073aa978023f9a52cde9f
SSDEEP

24576:2w4GBpehMjcuP5b4FtyA1r6LgE0WpY4yObTpRrJ/vzl9Z3ERw/KB7cot:2w4GBcz05styAYL30IyObNRrJ/7ZERQ0

Score

10^/10

sectoprat credential_access discovery rat spyware stealer trojan

Malware Config

Targets

- Target
  
  2025-03-29_9dbe5cb9c6e6dcc6bbda409b0e2f60ab_black-basta_cobalt-strike_ryuk_satacom
- Size
  
  1.3MB
- MD5
  
  9dbe5cb9c6e6dcc6bbda409b0e2f60ab
- SHA1
  
  cafa259bf42b79ebc467ce248cab97b55876e51f
- SHA256
  
  8afa3ec25a09a7b41f78fd1cd3d69de3c55c158b9c99f58c59db15220d520636
- SHA512
  
  d89a36bb13e5da61a16b8e8a174d30e916d5d2f5012b490d5355d1817cc060a9c7b33954a59f185dc61784317734071bc49dfcbeddd073aa978023f9a52cde9f
- SSDEEP
  
  24576:2w4GBpehMjcuP5b4FtyA1r6LgE0WpY4yObTpRrJ/vzl9Z3ERw/KB7cot:2w4GBcz05styAYL30IyObNRrJ/7ZERQ0
Score

10^/10

sectoprat credential_access discovery rat spyware stealer trojan
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Sectoprat family
  sectoprat
- Uses browser remote debugging
  Can be used control the browser and steal sensitive information such as credentials and session cookies.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Modify Authentication Process

Privilege Escalation

Defense Evasion

Modify Authentication Process

Credential Access

Modify Authentication Process

Steal Web Session Cookie

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

sectopratcredential_accessdiscoveryratspywarestealertrojan