sectoprat | 6cb35e6d5e3dc675d2b2fac2e86012d3da4134b213169ef26481c4eb2f90845a | Triage

Submit
Reports

Overview

overview

Static

static

1

6cb35e6d5e...5a.exe

windows7-x64

6cb35e6d5e...5a.exe

windows10-2004-x64

Sharing

General

Target

6cb35e6d5e3dc675d2b2fac2e86012d3da4134b213169ef26481c4eb2f90845a.exe
Size

2.2MB
Sample

240606-bxrcradg6z
MD5

2e353132fb63ea9056c83d9e7e030abb
SHA1

122894bbcfe114fe28ce94da7dddb363581edc06
SHA256

6cb35e6d5e3dc675d2b2fac2e86012d3da4134b213169ef26481c4eb2f90845a
SHA512

116e4b2f7129de130237197c281c9238095f80f2af4a68bd617ec9d07c7de2f0580f273fd777214304da77dc856eb357d455d9c5996d14c166cecc66cc060183
SSDEEP

49152:kGMK7sPVFjY2nyZSNB4t48sUjbpcZ36kWT1r2+I6cMMyIks:rMK6FY2yZSg4RY+krNIFf

Score

10^/10

sectoprat discovery rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

6cb35e6d5e3dc675d2b2fac2e86012d3da4134b213169ef26481c4eb2f90845a.exe

Resource

win7-20240221-en

sectoprat discovery rat spyware stealer trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

6cb35e6d5e3dc675d2b2fac2e86012d3da4134b213169ef26481c4eb2f90845a.exe

Resource

win10v2004-20240508-en

sectoprat discovery rat spyware stealer trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  6cb35e6d5e3dc675d2b2fac2e86012d3da4134b213169ef26481c4eb2f90845a.exe
- Size
  
  2.2MB
- MD5
  
  2e353132fb63ea9056c83d9e7e030abb
- SHA1
  
  122894bbcfe114fe28ce94da7dddb363581edc06
- SHA256
  
  6cb35e6d5e3dc675d2b2fac2e86012d3da4134b213169ef26481c4eb2f90845a
- SHA512
  
  116e4b2f7129de130237197c281c9238095f80f2af4a68bd617ec9d07c7de2f0580f273fd777214304da77dc856eb357d455d9c5996d14c166cecc66cc060183
- SSDEEP
  
  49152:kGMK7sPVFjY2nyZSNB4t48sUjbpcZ36kWT1r2+I6cMMyIks:rMK6FY2yZSg4RY+krNIFf
Score

10^/10

sectoprat discovery rat spyware stealer trojan
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

sectopratdiscoveryratspywarestealertrojan

behavioral2

sectopratdiscoveryratspywarestealertrojan

© 2018-2024

Terms | Privacy