General

  • Target

    SLAGGGLX.msi

  • Size

    6.2MB

  • Sample

    250407-phwktayxds

  • MD5

    e1b11ab17b672dc15339a4eea17d3be7

  • SHA1

    7dd1111c168f544929caf7e1ba8b2d790aa5ce77

  • SHA256

    7a79c311f24811999c14cef556da34f933dfd82b1a568b064034634941314369

  • SHA512

    37e2a1d26a6386e25fff7cd6e23742565f96fdcf6967e953d5767a3d4378a26bf9959c4ab4c38401f79812ff395ee9b907eea93917b8d2035971869db17fffc1

  • SSDEEP

    98304:TRJYyhT6Sug1IPY2hiLOORwc3xyoZMEHGgS6y4wi36gZByUBXGo7FQ3:t9GjoKo/S6y4ZdZsUBXGYQ3

Malware Config

Extracted

Family

hijackloader

Attributes

  • directory

    %APPDATA%\Protectchrome_beta

  • inject_dll

    %windir%\SysWOW64\pla.dll

  • xor.hex

Targets

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Sectoprat family

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks