General
-
Target
2025-03-29_392302dfe37da0cccf1fb697acedff42_black-basta_cobalt-strike_ryuk_satacom
-
Size
2.4MB
-
Sample
250329-3x3jkav1cs
-
MD5
392302dfe37da0cccf1fb697acedff42
-
SHA1
19772d3d90212fe5d92f3b30ff7eda7af8131435
-
SHA256
13043c23e4ab0578409c324821d4fa8996575d25fbab0df7563e4f651377e679
-
SHA512
5469c8df55ad7eb2e693965fc54fb2fac1b95492f452855d23fe73ac113d92abf6ed820fc01555ef87412b458b5e145f4b8c3e0a9c0fb243436f0eac9f0c7ba3
-
SSDEEP
24576:MiB4QbCAnGZPk/jhW2DQQ3iF2K8+2ntZ8oWy91r6LgE0WpY4yObTpRrJ/vzl9Z3J:MiB490ywYL30IyObNRrJ/7ZERQKgn
Malware Config
Targets
-
-
Target
2025-03-29_392302dfe37da0cccf1fb697acedff42_black-basta_cobalt-strike_ryuk_satacom
-
Size
2.4MB
-
MD5
392302dfe37da0cccf1fb697acedff42
-
SHA1
19772d3d90212fe5d92f3b30ff7eda7af8131435
-
SHA256
13043c23e4ab0578409c324821d4fa8996575d25fbab0df7563e4f651377e679
-
SHA512
5469c8df55ad7eb2e693965fc54fb2fac1b95492f452855d23fe73ac113d92abf6ed820fc01555ef87412b458b5e145f4b8c3e0a9c0fb243436f0eac9f0c7ba3
-
SSDEEP
24576:MiB4QbCAnGZPk/jhW2DQQ3iF2K8+2ntZ8oWy91r6LgE0WpY4yObTpRrJ/vzl9Z3J:MiB490ywYL30IyObNRrJ/7ZERQKgn
Score10/10-
SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
-
SectopRAT payload
-
Sectoprat family
-
Uses browser remote debugging
Can be used control the browser and steal sensitive information such as credentials and session cookies.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Credential Access
Modify Authentication Process
1Steal Web Session Cookie
1Unsecured Credentials
1Credentials In Files
1