General

  • Target

    18438ba9ff004f421bef169685a080e71fb69f68680411102dbad5d987c01b92

  • Size

    6.5MB

  • Sample

    240114-171rlsdcgj

  • MD5

    03e9935cd95bb87c4e61500e794ca439

  • SHA1

    bdf2067f9c825036eefe92a6787787d827baa180

  • SHA256

    18438ba9ff004f421bef169685a080e71fb69f68680411102dbad5d987c01b92

  • SHA512

    f750da90d4ffe60de02296153de7f85668a6a54e1654e655215c69a548aeab40d9bec3614e7a52d020b6aaffc662723e60b65bc5dc163ebfc1cf864277ab0d37

  • SSDEEP

    98304:uCmZHHCneK+e7XIGRZERpAnAVjYnFv4a9o63d8vl:eZH1K+w9EUnAFYnFQaa6N

Malware Config

Targets

    • Detect ZGRat V1

    • Detects Arechclient2 RAT

      Arechclient2.

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Drops startup file

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks