sectoprat | 0b0abe68f13000275c162908740469a9938a5463ee07404c4f43eec8fb9299f5 | Triage

Sharing

General

Target

2025-03-29_5c07a7a4e57ee404b231bd85bb2e8602_black-basta_cobalt-strike_ryuk_satacom
Size

1.3MB
Sample

250329-2v1rhsxlv9
MD5

5c07a7a4e57ee404b231bd85bb2e8602
SHA1

76d64cdc6a5265407e1b4a75426599f29adc1b5a
SHA256

0b0abe68f13000275c162908740469a9938a5463ee07404c4f43eec8fb9299f5
SHA512

19a362b97c6d3ad2c6f7e7b9cdeb5f4abe8e2f38bba00a1805b14f48fbf0a3f8d2b408714dbcff69546728d3c06360db84c2ddb91aa2bbf3f1c9414713a2479f
SSDEEP

24576:sw4GBpehMjcuP5b4FtyA1r6LgE0WpY4yObTpRrJ/vzl9Z3ERw/KB7cn:sw4GBcz05styAYL30IyObNRrJ/7ZERQT

Score

10^/10

sectoprat credential_access discovery rat spyware stealer trojan

Malware Config

Targets

- Target
  
  2025-03-29_5c07a7a4e57ee404b231bd85bb2e8602_black-basta_cobalt-strike_ryuk_satacom
- Size
  
  1.3MB
- MD5
  
  5c07a7a4e57ee404b231bd85bb2e8602
- SHA1
  
  76d64cdc6a5265407e1b4a75426599f29adc1b5a
- SHA256
  
  0b0abe68f13000275c162908740469a9938a5463ee07404c4f43eec8fb9299f5
- SHA512
  
  19a362b97c6d3ad2c6f7e7b9cdeb5f4abe8e2f38bba00a1805b14f48fbf0a3f8d2b408714dbcff69546728d3c06360db84c2ddb91aa2bbf3f1c9414713a2479f
- SSDEEP
  
  24576:sw4GBpehMjcuP5b4FtyA1r6LgE0WpY4yObTpRrJ/vzl9Z3ERw/KB7cn:sw4GBcz05styAYL30IyObNRrJ/7ZERQT
Score

10^/10

sectoprat credential_access discovery rat spyware stealer trojan
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Sectoprat family
  sectoprat
- Uses browser remote debugging
  Can be used control the browser and steal sensitive information such as credentials and session cookies.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Modify Authentication Process

Privilege Escalation

Defense Evasion

Modify Authentication Process

Credential Access

Modify Authentication Process

Steal Web Session Cookie

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

sectopratcredential_accessdiscoveryratspywarestealertrojan