General

  • Target

    c59824b5561c2a2747324830d8fa25f50cc3c7932d12ab83a29ce643910a7b7c

  • Size

    6.8MB

  • Sample

    231224-2qbxlahag6

  • MD5

    b0e8ce9293dfb1726d275d9bcde7f64b

  • SHA1

    c0595be839a6a8bb42b45530ec3b5cd2141db26d

  • SHA256

    c59824b5561c2a2747324830d8fa25f50cc3c7932d12ab83a29ce643910a7b7c

  • SHA512

    00bd94706d3402937e5430949970712f0282de2bf9c7c0c1cf13b79db16c8999ca0df4074616d6b0b2e746e881307f8b6f02fd5f564800262d379ca21d8b6ab6

  • SSDEEP

    98304:qGTsFNeGYoV80Xj/8IWA/5XO1s/UQOpHLTltEOjV/JXrtH4HTunVIluqw7pqf/NU:aFN98wJOicZEOjVJtH4zG8xe

Malware Config

Targets

    • Detect ZGRat V1

    • Detects Arechclient2 RAT

      Arechclient2.

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile information.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks