Extracted

• • Target

    msi (4).msi

  • Size

    6.2MB

  • MD5

    391f67eb98c7f707cb94a070b74400b6

  • SHA1

    ed2e0e03a19fade042fb7f4be2d305987075711f

  • SHA256

    1d487d11f8e3c45d76a260e4995b79f3cceca02942d9e426970eb560530c6c09

  • SHA512

    3089441646ebcfc9d49c55322020433b03ccce7e8826960bf6415b593796418505470b63d7506a34ce025c578992910dafb34bc44f73ed87d8f82d973cc9c85e

  • SSDEEP

    98304:1RJYyhcOqGU0xyoZ3lSby0it97V6NGaS6F4Kt56TchTV3uAJ69Xt:TSyvrjXtFIS6F44ccxV3uAMXt

  Score

  10^/10

  sectopratcredential_accessdiscoveryratspywarestealertrojan

  • SectopRAT

    SectopRAT is a remote access trojan first seen in November 2019.

    trojanratsectoprat

  • SectopRAT payload

  • Sectoprat family

    sectoprat

  • Uses browser remote debugging

    Can be used control the browser and steal sensitive information such as credentials and session cookies.

    credential_accessstealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of SetThreadContext

  behavioral1