Extracted

• • Target

    msi (2).msi

  • Size

    21.2MB

  • MD5

    1d670753e89d61c11933975a5909676a

  • SHA1

    42f0862ddb4ce57c6eb9a56e4c8f9422d6a3fb65

  • SHA256

    039a96ae63d12777c79f84242b1b6687c557ff5aa063f8de414ab9d5c9ff9d04

  • SHA512

    352270c93ab1430839b09fddc962f2c46e5791bfa9fece31bacbb9453ca6f1d9fb03eeb4566774cb1c37d00cc5f185f70d506f50720b024e6526070d0856883e

  • SSDEEP

    393216:D+SX8B1Ph7xmLySZGqM/RrIKo9MGRJ7S4Ul0:D+NPh7xMo/RQRr

  Score

  10^/10

  sectopratcredential_accessdiscoveryratspywarestealertrojan

  • SectopRAT

    SectopRAT is a remote access trojan first seen in November 2019.

    trojanratsectoprat

  • SectopRAT payload

  • Sectoprat family

    sectoprat

  • Uses browser remote debugging

    Can be used control the browser and steal sensitive information such as credentials and session cookies.

    credential_accessstealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of SetThreadContext

  behavioral1