General

  • Target

    a6aca8bdb9a354a34ea7b6b4fee2f1ed87677b6825725ff66236e4e1d691e48e.exe

  • Size

    5.7MB

  • Sample

    240111-y9e7ksggg5

  • MD5

    42e3b46e2e5083f9d014766e91f19651

  • SHA1

    913b0602ff3a115ab509080d5e73c28b7c9c0511

  • SHA256

    a6aca8bdb9a354a34ea7b6b4fee2f1ed87677b6825725ff66236e4e1d691e48e

  • SHA512

    fbe8847b561f67471fa9815cb20ed56cda34805d5ecd4f310452896fc2ca30f5544d7ec19349c101b35c02caeafcf891770adef0e830234dea7b163e83c85ae2

  • SSDEEP

    98304:Yh+4BHStJETyQK6jBa2uV4fGUn7ZMQflcW15eLwrB:+9BySyyBoVDU7ZMQ9cMYwF
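The hashes above are the indicators an analyst actually reuses from a report like this. The following is an added example (not part of the sandbox page) that streams a file through all four algorithms at once and checks the result against the report's values; it also flags the case where only some of the digests match, which in practice means a transcription error in the indicator list rather than a near-miss sample. The indicator dictionary is copied from this page; the `hash_file`/`is_sample` helper names are the example's own.

```python
import hashlib
import io
import sys
from typing import BinaryIO, Dict, Mapping

# File hashes copied from the report above.
REPORT_HASHES: Dict[str, str] = {
    "md5": "42e3b46e2e5083f9d014766e91f19651",
    "sha1": "913b0602ff3a115ab509080d5e73c28b7c9c0511",
    "sha256": "a6aca8bdb9a354a34ea7b6b4fee2f1ed87677b6825725ff66236e4e1d691e48e",
    "sha512": "fbe8847b561f67471fa9815cb20ed56cda34805d5ecd4f310452896fc2ca30f5544d7ec19349c101b35c02caeafcf891770adef0e830234dea7b163e83c85ae2",
}


def hash_stream(fobj: BinaryIO, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Read fobj once and feed every chunk to all four hashers (no re-reading a multi-MB sample)."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    for chunk in iter(lambda: fobj.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data: bytes) -> Dict[str, str]:
    return hash_stream(io.BytesIO(data))


def hash_file(path: str) -> Dict[str, str]:
    with open(path, "rb") as f:
        return hash_stream(f)


def match_report(digests: Mapping[str, str],
                 indicators: Mapping[str, str] = REPORT_HASHES) -> Dict[str, bool]:
    """Per-algorithm comparison; hex digests are compared case-insensitively."""
    return {name: digests[name].lower() == value.lower()
            for name, value in indicators.items()}


def is_sample(digests: Mapping[str, str],
              indicators: Mapping[str, str] = REPORT_HASHES) -> bool:
    """True only when every listed digest matches.

    A partial match is impossible for one file unless an indicator was
    mis-copied, so it is reported as an error instead of a silent False.
    """
    matches = match_report(digests, indicators)
    if any(matches.values()) and not all(matches.values()):
        raise ValueError(f"indicator list is internally inconsistent: {matches}")
    return all(matches.values())


if __name__ == "__main__":
    # Usage: python check_sample.py <path-to-file>
    for path in sys.argv[1:]:
        d = hash_file(path)
        print(path, "MATCHES report" if is_sample(d) else "does not match", d["sha256"])
```

SHA256 alone identifies the file; the other digests are kept because older tooling and some feeds still key on MD5 or SHA1, and comparing all of them at once catches a mangled indicator before it is pushed into a blocklist.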

Targets

    • Target

      a6aca8bdb9a354a34ea7b6b4fee2f1ed87677b6825725ff66236e4e1d691e48e.exe

    • Detect ZGRat V1

    • SectopRAT

      SectopRAT (also tracked as ArechClient2) is a .NET remote access trojan first seen in November 2019.

    • SectopRAT payload

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Drops startup file

      The sample writes a file into a startup location so that it is executed again at the next logon (persistence).

    • Loads dropped DLL

      A DLL written to disk during the run is later loaded into a process.

    • Suspicious use of SetThreadContext

      SetThreadContext is typically used to point a suspended thread at injected code (process hollowing and similar injection); it is rarely called by legitimate software.

MITRE ATT&CK Enterprise v15