Overview

overview

10

Static

static

10

msi (8).msi

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    msi (8).msi

  • Size

    19.9MB

  • Sample

    250407-phwktayxdt

  • MD5

    3101ecfa0802a37677592a003f4005b1

  • SHA1

    cf611230456d70127f7541723af162c6a09d6549

  • SHA256

    69a2b85495bbf5fe03c9fa86e6b7b931f52e986a0ad1885583a4486f2b6d39c3

  • SHA512

    ea9d2b6f211d9e5811d57d1525252d437f0a3a3f81ce21750824ed53967d1f834b1e3908d761e371e3bf3f80d2e35dae362ba451d1bf843f57051b6870b68eb6

  • SSDEEP

    196608:R8DQnkCru3ZBggTPCBAIk9a7911FuyuON7NKmiRT5kozS6A4d2mOmGhIXA:kYkCwz+BP9ZuyuOxNzOkos4zG2XA

Score
10/10
hijackloadersectopratdiscoveryrattrojan

Malware Config

Extracted

Family

hijackloader

Attributes
  • directory

    %APPDATA%\QuickJava_wys_5

  • inject_dll

    %windir%\SysWOW64\pla.dll

xor.hex

Targets

    • Target

      msi (8).msi

    • Size

      19.9MB

    • MD5

      3101ecfa0802a37677592a003f4005b1

    • SHA1

      cf611230456d70127f7541723af162c6a09d6549

    • SHA256

      69a2b85495bbf5fe03c9fa86e6b7b931f52e986a0ad1885583a4486f2b6d39c3

    • SHA512

      ea9d2b6f211d9e5811d57d1525252d437f0a3a3f81ce21750824ed53967d1f834b1e3908d761e371e3bf3f80d2e35dae362ba451d1bf843f57051b6870b68eb6

    • SSDEEP

      196608:R8DQnkCru3ZBggTPCBAIk9a7911FuyuON7NKmiRT5kozS6A4d2mOmGhIXA:kYkCwz+BP9ZuyuOxNzOkos4zG2XA

    Score
    10/10
    sectopratdiscoveryrattrojan

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

      trojanratsectoprat

    • SectopRAT payload

    • Sectoprat family

      sectoprat

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks