sectoprat | f702ce107528b41bd2d6f725779f898d63a2dd1139cd5ae6da85d2eb6b51ca8e | Triage

Submit
Reports

Overview

overview

Static

static

f702ce1075...8e.exe

windows7-x64

f702ce1075...8e.exe

windows10-2004-x64

Sharing

General

Target

f702ce107528b41bd2d6f725779f898d63a2dd1139cd5ae6da85d2eb6b51ca8e.exe
Size

768KB
Sample

240617-ydrwhawajm
MD5

1e78e781179b203275f674f4015f1512
SHA1

3c6e2e00953cf99248967d70613e8e5ec9570723
SHA256

f702ce107528b41bd2d6f725779f898d63a2dd1139cd5ae6da85d2eb6b51ca8e
SHA512

4a952563f506089d2fc5aa8b785956fab692604d02214ac8cb9457499c5e9795088f6f3d9ba18d2dcc5019d2e4e8c84285f6cef3ab5e1dd30de06d2f9e01ea75
SSDEEP

12288:tvsXZv8km0OHcbGbvzWHz0HnquwTy+g0ssFWylkkoAbtEjQwfNqbYS2VbICKMIUb:+fPz0HILg0ssFlSj4nm

Score

10^/10

sectoprat discovery rat spyware stealer trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

f702ce107528b41bd2d6f725779f898d63a2dd1139cd5ae6da85d2eb6b51ca8e.exe

Resource

win7-20240508-en

sectoprat discovery rat spyware stealer trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

f702ce107528b41bd2d6f725779f898d63a2dd1139cd5ae6da85d2eb6b51ca8e.exe

Resource

win10v2004-20240508-en

sectoprat rat trojan

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Targets

- Target
  
  f702ce107528b41bd2d6f725779f898d63a2dd1139cd5ae6da85d2eb6b51ca8e.exe
- Size
  
  768KB
- MD5
  
  1e78e781179b203275f674f4015f1512
- SHA1
  
  3c6e2e00953cf99248967d70613e8e5ec9570723
- SHA256
  
  f702ce107528b41bd2d6f725779f898d63a2dd1139cd5ae6da85d2eb6b51ca8e
- SHA512
  
  4a952563f506089d2fc5aa8b785956fab692604d02214ac8cb9457499c5e9795088f6f3d9ba18d2dcc5019d2e4e8c84285f6cef3ab5e1dd30de06d2f9e01ea75
- SSDEEP
  
  12288:tvsXZv8km0OHcbGbvzWHz0HnquwTy+g0ssFWylkkoAbtEjQwfNqbYS2VbICKMIUb:+fPz0HILg0ssFlSj4nm
Score

10^/10

sectoprat discovery rat spyware stealer trojan
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

sectopratdiscoveryratspywarestealertrojan

behavioral2

sectopratrattrojan

© 2018-2024

Terms | Privacy