sectoprat

Sharing

Copy URL Twitter E-mail

General

Target

stage3.zip
Size

4.9MB
Sample

250521-ahsftsdq5v
MD5

dd99619d8f53ee4863f8864fdd8a0e20
SHA1

e4d9076f4760dac450a6d6a8ad1321f631350d55
SHA256

3da70bfeaa30198d54c0a50058fd10bdc53fa0c7fd972b79ca3836002abe7ea9
SHA512

fabfb28caff0fd950ff7ae022080fd660dc1e20889beebf5e12a3e25be9735e961976ba101d476ee128549e2605947685615f0d0d723c3c688b77f8cf231e11a
SSDEEP

98304:fTIaFJlpREeLsRTT1pM7B09TW6k5tQUkMGl5XZ19GhtOwzlBrsUY3CjOZkKNItpj:rIa/lpie4R1pM7STbQ7urXGfzNYaqkKY

Score

10^/10

Malware Config

Targets

- Target
  
  stage3.zip
- Size
  
  4.9MB
- MD5
  
  dd99619d8f53ee4863f8864fdd8a0e20
- SHA1
  
  e4d9076f4760dac450a6d6a8ad1321f631350d55
- SHA256
  
  3da70bfeaa30198d54c0a50058fd10bdc53fa0c7fd972b79ca3836002abe7ea9
- SHA512
  
  fabfb28caff0fd950ff7ae022080fd660dc1e20889beebf5e12a3e25be9735e961976ba101d476ee128549e2605947685615f0d0d723c3c688b77f8cf231e11a
- SSDEEP
  
  98304:fTIaFJlpREeLsRTT1pM7B09TW6k5tQUkMGl5XZ19GhtOwzlBrsUY3CjOZkKNItpj:rIa/lpie4R1pM7STbQ7urXGfzNYaqkKY
Score

10^/10

sectoprat discovery rat trojan
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Sectoprat family
  sectoprat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1
- Target
  
  BugSplat.dll
- Size
  
  430KB
- MD5
  
  f93d924db4386d3fa2392ca8ad077e1b
- SHA1
  
  7eb84704876b2b969fb60d58e6da1dfe4304d9e5
- SHA256
  
  f400b338f004340108d43f0418098a8d89ac8accbe7b7fca17c5b209b2bf586c
- SHA512
  
  cb3c96d2f771ddbbd4fe85816b958b265c4ad6d1ced950dd0ca90522b4fe592d6d169ecbd1094724813bc3bb160f9b30119ae8390ecc118a49d23d4612111f3a
- SSDEEP
  
  12288:1NIhcDNbo5iyFQi3HmXWb1LiTq/+C0hdY8h2up5S6Dh:nI2k5i0b1LiT00Q8hNl
Score

3^/10

discovery
behavioral2
- Target
  
  Drieb.ba
- Size
  
  53KB
- MD5
  
  4d908fc1547696aea1020dcca511e6b5
- SHA1
  
  7c6d9713bf9443815bf20c6ebe6cb344ada3bad2
- SHA256
  
  aab89fbc83546beadbe8078ce61f0cdc1c603d92ae6a4e5343a5e48243afb78b
- SHA512
  
  51e24de9af417fcd8c8a554b96d5de09ad15a0eae9b8eadb98e8ebb9add5975e69f65aa4b05b6a85e8465fe5b582b835f33dc6952ebd4489834ccc3098d0be0b
- SSDEEP
  
  1536:CEZ6sTq9+2p94kDTlm3/7xj4EvHX3cm02nG:z6Aq99p9BJmDx8EfXe2G
Score

3^/10
behavioral3
- Target
  
  Drouncloobthoub.odo
- Size
  
  2.6MB
- MD5
  
  76d4d24d1d857bac837c7733358a62e4
- SHA1
  
  3436fad8b97822a98c62440a0200d3d0d741f673
- SHA256
  
  2a9eee4dd23ea6e184c4a6decad391a19936e89bf2770d47e7f21faba03ac90a
- SHA512
  
  537cdea0d99d71c7caf7e5d538d126c0cd8e441673d1e0f55371904fbefe433326d797e0b61432b91796fbf0789c8a039361539c03087724f9825d8f9eb0ccda
- SSDEEP
  
  49152:i+ltYbM+9KGg7HAFZibPiue19yv8Pp7Vab3DfvNJraKEU4Ogq31nYR:9zYbM+93g0FZibKukPp7Mb3DXbwq318
Score

3^/10
behavioral4
- Target
  
  MonitoData.exe
- Size
  
  147KB
- MD5
  
  0ef6576560aa54889e4230c0ac2da560
- SHA1
  
  9f132cfa8f1db8932c9ad0db9cafd4ff0216b3c5
- SHA256
  
  c5a1b343d52e741fd91e6d71065a2bf3f2a1119b258a84e4dc026e705da828ac
- SHA512
  
  4a309e28338dfc039855534bd3b51632164f2f7effa2b574d2c75afc32a14ae574ef9751466224d3f2b0805de85c4303cc2d07988714d8488911538f0b0cd4bb
- SSDEEP
  
  768:2qoXya+G8TyC8t8z+aLx1lMtsPBcq9Sbh9SbLAEpYinAMx8iQP3pXYiui8AMxkEQ:J8yPTyC8ayLspcqCOJ7HxbQ17ZaxZO
Score

10^/10

sectoprat discovery rat spyware stealer trojan
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Sectoprat family
  sectoprat
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral5
- Target
  
  ThreadCore.dll
- Size
  
  77KB
- MD5
  
  f6e668ebcc5deb4b652f6568378a4c2f
- SHA1
  
  05b98ae780648a567340d97414f7ccfc85181c85
- SHA256
  
  8b21474dec836da8ae8cbe705d7b244b88a062b6f465128bb782a9429330fa8e
- SHA512
  
  1d1ff708ddcb47f69375f521d83fe901055b529d215f52c7e3acb9dbec30b3190c03fad2b7db4d79cbcf0777bdfb1733f26495da31ccce5922c1966e73c3dbd8
- SSDEEP
  
  1536:4jInhBLrTsBZ4KHU8c5AmYORoM7HxbBnJ7Ztxk:48nP4z0DlRoM5hJdw
Score

3^/10

discovery
behavioral6
- Target
  
  ios_manager.dll
- Size
  
  1.9MB
- MD5
  
  9cc8ea7927525c94f7233e62146313a1
- SHA1
  
  ce5e025c2a7d46b0f72b64056365f81f6eb24ca3
- SHA256
  
  72f63220ef309de9d2667f4b3e0bfdf33131e3e39949925ad9b6d1a28948f571
- SHA512
  
  f655a575e3d364daecb14b059b451f19ac9c91cd02a39b4b713fcbd80af423ea7e03e4dcc4a08c4920e948690bf0a6b5f11d3eb89365e48a3b7a5056d55ac839
- SSDEEP
  
  24576:LJxhIOLZrlJ6Si+gP2BXURHCP9nTjjfiZcBva4zXaP0Yphp7:L7hxRTbgwPRPiOI067
Score

3^/10

discovery
behavioral7
- Target
  
  itunes_manager.dll
- Size
  
  163KB
- MD5
  
  3c791e118c42c6acb9079e212c3914db
- SHA1
  
  516271d8e90de99e8d3cdd68f4d266bc694736f3
- SHA256
  
  c8eda5b8d16e253479badb4a102e1c829bce396ba9d244ace69a0e7a5b1af35a
- SHA512
  
  ffe68174edd06f4a51c8b7c5f6419848173a6a348a4bceba144e800a82a1c88295fe914c47429fee5f875a1253428b1be0a5d1516b8c510c0c9bca774adc1fc6
- SSDEEP
  
  3072:zGmY5gw+Ovx6EPtgc0l3A97WVWJrqyIgGyqy5AndL:zGmYYEFgcCVWUy7H0
Score

3^/10

discovery
behavioral8
- Target
  
  libcurl.dll
- Size
  
  1.4MB
- MD5
  
  25c827f31c4aa9e36ab3447ffcb705dd
- SHA1
  
  ea2a0c912b104479dd289acb5f11a0dce14a4d27
- SHA256
  
  65cf24fe4150ea5542cb2798d84b3eb3583d6771c61cd461e8277eed05af3578
- SHA512
  
  6d705793155d93ada262b8ecdd9c08947b527e20731287ad2de81e4c31a5dfcd6623d037335e1e66021761f3d784e4ea6faa1bb5f5e6d6dd9de04b9e3855e0f9
- SSDEEP
  
  24576:/SNPAwddpeT1ixgszc6ntU+KpPVTbactijtSAhpNSgenKp/eky9r0C:oAGpeT1mggbt8NicI5EKp/eky9r0C
Score

3^/10

discovery
behavioral9
- Target
  
  msvcp140.dll
- Size
  
  446KB
- MD5
  
  4835a9b8749970d0ad04f22a546042af
- SHA1
  
  f89d579c0b0c4afe2ca8283d222f44051d2e7c94
- SHA256
  
  fa21058e50d0d6860da87d784f573670bf5d3efd65158145954ef96d0cd403cf
- SHA512
  
  7379678fd9454bac2042e69636718c0c568d61fba40cd0ca064baee044018f007625fb0acfb77d249768c0e36ba1353078167148825df4f4496ecf860e57ce00
- SSDEEP
  
  12288:Xtj8ci6gem4TxhFJedkhUgiW6QR7t5s03Ooc8dHkC2esDnit:dj8NX4T1Jep03Ooc8dHkC2eWni
Score

3^/10

discovery
behavioral10
- Target
  
  ts_base.dll
- Size
  
  242KB
- MD5
  
  36c5695018cf2bdd737979656eb29580
- SHA1
  
  f4f448de669d54d5050e146862849a85d19df3d0
- SHA256
  
  6a0061f173867098577eb88010bb94332a10f2147f7b08911b9358f48b997d28
- SHA512
  
  f13cb8bd76d8e456af42cdf0aaa49f0c313d08ef4679f5e6e5378c6becdee2127f04ec5d8f1d4224280603ab42b10524e65c62f204c879ffe6b2ae1a2a1ebf76
- SSDEEP
  
  3072:KIGGWJwkJ6lwZtG3RFbmPMmaIxapTUyxRLctuDGE5XdN:GJwkJcQPLxaJdxOu6O
Score

3^/10

discovery
behavioral11
- Target
  
  ts_client.dll
- Size
  
  91KB
- MD5
  
  41833d07c6cf062969e9ab98cd1a6b09
- SHA1
  
  35f4b87b3905c76a48d1545b83dd54f42dcb6e05
- SHA256
  
  3a9268e0d6ead27198d06a506fcf5c0ab210e75e037891189dbdd08c13a0d4a3
- SHA512
  
  bf4cf8fd56f7bb75ca06b66fe4bb896df76a0baa3a9d4f858756e0dd143c3ad0472c5c45e2449eab221ed8ea6d9c5f3e6a2ec0858843868e87d63520b2d37dad
- SSDEEP
  
  1536:nqMN+4RXZ5wfgIgVlHwReLaXVrK8WU6un7HxbN7ZQxF:nqv4dzwfgV0sLyrK8W65NdQ
Score

3^/10

discovery
behavioral12
- Target
  
  ts_sqlite3.dll
- Size
  
  632KB
- MD5
  
  05ab4a7d1e1fbc90b36a9d26458ff47b
- SHA1
  
  b99910a28acddd6f5119e05dd3054618c93cfd63
- SHA256
  
  561582c390c62da5ca8a5a22f81340c619ec1663ad7a8bd2aa2f81f71397f953
- SHA512
  
  cc3bd7a09010969a655c60101e49ad19cd0132676a4b99982f7cbd9a9ae7fae7bca4e2d74d018311424c2fc6d18f50f032366ca83c4f30f8d85edca8ac83de2d
- SSDEEP
  
  12288:NHFXEYA4KKYRQsAWOlKFJlJISYuaw1FwoZF3RcIGkAS2EEYXeg91QjAWT:NlXEYADpRxAfsZ0uajs3cIGkr1
Score

3^/10

discovery
behavioral13
- Target
  
  vcruntime140.dll
- Size
  
  81KB
- MD5
  
  e51018e4985943c51ff91471f8906504
- SHA1
  
  5899aaccdb692dbdffdaa35436c47d17c130cfd0
- SHA256
  
  ff9c1123cff493a8f5eacb91115611b6c1c808b30c82af9b6f388c0ef1f6b46d
- SHA512
  
  2fe5ddad2100aeaea35398384a440ba0be169ef429f7e0b69687bc0f8865df41bc93fc80d3a8f0ddd9df54fc2f2d76b1056a1d1962d37432704c818128ffbd74
- SSDEEP
  
  1536:lmGzxv5o1xSEIURDbnZ/dvC5cpnHXCh5cecbvo9J/Z0:lp5o1YEIU9bnZ/A5y3Jecbvo9
Score

3^/10

discovery
behavioral14

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

SectopRAT payload

Sectoprat family

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

SectopRAT

SectopRAT payload

Sectoprat family

Accesses cryptocurrency files/wallets, possible credential harvesting

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v16

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14