Extracted

• • Target

    WNBOZYUN.msi

  • Size

    23.5MB

  • MD5

    fbad39a4e69da1cc3bf48541c7905d4c

  • SHA1

    747b277cd5bb37e719877e45864f3beedc949f06

  • SHA256

    923efb46578f7f31a9734ec1d7e7e1b9edf1560fec54d7319179aa51cf3dd26a

  • SHA512

    199763a4cc4fdde9aecec9b15523d1dc4283475128c0544ecab4dbe2887b62e9f54780e03539822f0f186e876b213269959ea07b2fbc4b01574a271784d1ef50

  • SSDEEP

    196608:/W/NUkyHnX2H4hsNAW+X8XPCNzllXzYEj3Jl0kj386l4ClxDRpIqX:JDHnXA4hsNAdX8XPCNJnZT4i+qX

  Score

  10^/10

  sectopratdiscoverypersistenceprivilege_escalationratspywaretrojan

  • SectopRAT

    SectopRAT is a remote access trojan first seen in November 2019.

    trojanratsectoprat

  • SectopRAT payload

  • Sectoprat family

    sectoprat

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of SetThreadContext

  behavioral1