sectoprat | c00280f16aa9c12f6a8a7f29c493f17c237e570ae1fe481d368ea0ab4eafedf5 | Triage

Submit
Reports

Overview

overview

Static

static

1

Mia_Khalifia(18+).exe

windows11-21h2-x64

Resubmissions

03-07-2024 17:18

240703-vvk8hazcqq 10

03-07-2024 16:20

240703-ts74tatfpm 8

Sharing

General

Target

Mia_Khalifia(18+).exe
Size

4.2MB
Sample

240703-vvk8hazcqq
MD5

9c6352ad45c6ce5ab18f75f4fcf3c85d
SHA1

3908a22b5a4dceedc813b0deded861fdbc9ae6fb
SHA256

c00280f16aa9c12f6a8a7f29c493f17c237e570ae1fe481d368ea0ab4eafedf5
SHA512

ba2d87ea0c656b6b3de4075e465b8b5c991c89a32446c460ede9052e7b9ea7b64e52858971a5b620ad78393074b84cc7bcde70cf989e1de76514f3076e07f925
SSDEEP

98304:mnyNQa/26tLM4OXoQCn9+juAoHsvP0mDFn169ryxbTkNW:0yNQa+OLM4eoQIiIsXnu9exHko

Score

10^/10

sectoprat evasion execution rat spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

Mia_Khalifia(18+).exe

Resource

win11-20240611-en

sectoprat evasion execution rat spyware trojan

windows11-21h2-x64

17 signatures

1800 seconds

Malware Config

Targets

- Target
  
  Mia_Khalifia(18+).exe
- Size
  
  4.2MB
- MD5
  
  9c6352ad45c6ce5ab18f75f4fcf3c85d
- SHA1
  
  3908a22b5a4dceedc813b0deded861fdbc9ae6fb
- SHA256
  
  c00280f16aa9c12f6a8a7f29c493f17c237e570ae1fe481d368ea0ab4eafedf5
- SHA512
  
  ba2d87ea0c656b6b3de4075e465b8b5c991c89a32446c460ede9052e7b9ea7b64e52858971a5b620ad78393074b84cc7bcde70cf989e1de76514f3076e07f925
- SSDEEP
  
  98304:mnyNQa/26tLM4OXoQCn9+juAoHsvP0mDFn169ryxbTkNW:0yNQa+OLM4eoQIiIsXnu9exHko
Score

10^/10

sectoprat evasion execution rat spyware trojan
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Downloads MZ/PE file
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

sectopratevasionexecutionratspywaretrojan

© 2018-2024

Terms | Privacy