General

  • Target

    msi (6).msi

  • Size

    21.2MB

  • Sample

    250407-pjenpa1pz7

  • MD5

    351534e9541bf6e3a431f681f434c035

  • SHA1

    ab20dbc4cbfac36da850ce565802f17174c1c3f9

  • SHA256

    5683062408d9b59fe6c9296e4a269eec710e06ed84be38fac698903ea7a78ba0

  • SHA512

    2c51009b0b213c01157bd4ec860fe4e083c9f9dedc7e373350cc251bb7a6d89706c36f42a175faf52453734e1137e3deef37923b7134cb87a03ac9aea7f23f69

  • SSDEEP

    393216:CQzQrSX8B1Ph7xmLySZGqM/RrIKo9MGRJ7S4il2:LQrNPh7xMo/RQRX

Malware Config

Extracted

Family

hijackloader

Attributes
  • directory

    %APPDATA%\serverfmZz

  • inject_dll

    %windir%\SysWOW64\pla.dll

xor.hex

Targets

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Sectoprat family

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks