General

  • Target

    aa2cef16edce221b2557caf8b7ad14bfb8c8111860076f8b683ba192f254bfcf

  • Size

    6.2MB

  • Sample

    231224-2mqxcafacq

  • MD5

    d2ef2ab48311dd0b50594e1bbb23c9f4

  • SHA1

    e9b1b813ba2ba88e0f096715d007c9923a60d505

  • SHA256

    aa2cef16edce221b2557caf8b7ad14bfb8c8111860076f8b683ba192f254bfcf

  • SHA512

    6bb5572064cbcb9406b4b3f6bbd114758cc353390be8ee775116c1772c02b03b55b19cb43272d0381e3fddb12216b79d57b94de9c1771ba3ea5bc19e5d636a75

  • SSDEEP

    98304:csKi3FnkpD/k1aOSdQUZN9QBvBesfrdOS/OPDcMqWql4Q:r73FnkpD84eUZ3QxB3dOFPDOl4Q

Malware Config

Targets

    • Detect ZGRat V1

    • Detects Arechclient2 RAT

      Arechclient2.

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks