hijackloader | 039a96ae63d12777c79f84242b1b6687c557ff5aa063f8de414ab9d5c9ff9d04 | Triage

Submit
Reports

Overview

overview

Static

static

msi (2).msi

windows10-2004-x64

Resubmissions

07/04/2025, 12:25

250407-pl3tas1qx3 10

07/04/2025, 12:22

250407-pjyfssyxfy 10

Sharing

General

Target

msi (2).msi
Size

21.2MB
Sample

250407-pl3tas1qx3
MD5

1d670753e89d61c11933975a5909676a
SHA1

42f0862ddb4ce57c6eb9a56e4c8f9422d6a3fb65
SHA256

039a96ae63d12777c79f84242b1b6687c557ff5aa063f8de414ab9d5c9ff9d04
SHA512

352270c93ab1430839b09fddc962f2c46e5791bfa9fece31bacbb9453ca6f1d9fb03eeb4566774cb1c37d00cc5f185f70d506f50720b024e6526070d0856883e
SSDEEP

393216:D+SX8B1Ph7xmLySZGqM/RrIKo9MGRJ7S4Ul0:D+NPh7xMo/RQRr

Score

10^/10

hijackloader sectoprat bootkit discovery persistence rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

msi (2).msi

Resource

win10v2004-20250314-en

sectoprat bootkit discovery persistence rat trojan

windows10-2004-x64

28 signatures

900 seconds

Malware Config

Extracted

Family

hijackloader

Attributes

directory
%APPDATA%\manageFirefoxTok_5
inject_dll
%windir%\SysWOW64\pla.dll

xor.hex

Targets

- Target
  
  msi (2).msi
- Size
  
  21.2MB
- MD5
  
  1d670753e89d61c11933975a5909676a
- SHA1
  
  42f0862ddb4ce57c6eb9a56e4c8f9422d6a3fb65
- SHA256
  
  039a96ae63d12777c79f84242b1b6687c557ff5aa063f8de414ab9d5c9ff9d04
- SHA512
  
  352270c93ab1430839b09fddc962f2c46e5791bfa9fece31bacbb9453ca6f1d9fb03eeb4566774cb1c37d00cc5f185f70d506f50720b024e6526070d0856883e
- SSDEEP
  
  393216:D+SX8B1Ph7xmLySZGqM/RrIKo9MGRJ7S4Ul0:D+NPh7xMo/RQRr
Score

10^/10

sectoprat bootkit discovery persistence rat trojan
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Sectoprat family
  sectoprat
- Downloads MZ/PE file
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sectopratbootkitdiscoverypersistencerattrojan

© 2018-2025

Terms | Privacy