General

  • Target

    1989c9b8ecb487c23d6de52e5860c4bb9ed9b9ee5b22265267761a686eba7c2f

  • Size

    5.6MB

  • Sample

    240114-174hhadcgl

  • MD5

    47e19c527210dfdce1dfa2962eaa73de

  • SHA1

    80741dd2a77d77097f7638e61095017ff9d534ae

  • SHA256

    1989c9b8ecb487c23d6de52e5860c4bb9ed9b9ee5b22265267761a686eba7c2f

  • SHA512

    52fd9f3245fe2e7f56d47d855ccbd91e4931330ca5f8a00181531e59e7a508e7f93d6ea270cbd3fcc6d3ad54e68027960c305d2ef81b28108731aed88b3e461c

  • SSDEEP

    98304:+e3e4ejPxblyoseZRIPpAogYKeTzOzqc7u9:Le4ejJ5ceZEvgnDzx7W

Malware Config

Targets

    • Target

      1989c9b8ecb487c23d6de52e5860c4bb9ed9b9ee5b22265267761a686eba7c2f

    • Size

      5.6MB

    • MD5

      47e19c527210dfdce1dfa2962eaa73de

    • SHA1

      80741dd2a77d77097f7638e61095017ff9d534ae

    • SHA256

      1989c9b8ecb487c23d6de52e5860c4bb9ed9b9ee5b22265267761a686eba7c2f

    • SHA512

      52fd9f3245fe2e7f56d47d855ccbd91e4931330ca5f8a00181531e59e7a508e7f93d6ea270cbd3fcc6d3ad54e68027960c305d2ef81b28108731aed88b3e461c

    • SSDEEP

      98304:+e3e4ejPxblyoseZRIPpAogYKeTzOzqc7u9:Le4ejJ5ceZEvgnDzx7W

    • Detect ZGRat V1

    • Detects Arechclient2 RAT

      Arechclient2 is a .NET remote access trojan also tracked as SectopRAT.

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • .NET Reactor protector

      Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
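As an added example (not part of the Triage report, and not the detection logic behind any of the signatures above), the following Python script hashes a file and compares the digests with the values listed under General and Targets, splits the SSDEEP value into its block size and chunk strings, and scans the file for the message an unregistered .NET Reactor build leaves in a protected assembly. The marker string, the stand-in sample bytes and the function names are assumptions made for this example; the real sample is not included and must be supplied as the path argument.

```python
"""Added example: verify a sample against the report's hashes and check for
the unregistered .NET Reactor marker. Not part of the Triage report."""
import hashlib
import sys
from typing import Dict, Tuple

HASH_NAMES = ("md5", "sha1", "sha256", "sha512")

# Digests copied from the report's General section.
REPORT_HASHES: Dict[str, str] = {
    "md5": "47e19c527210dfdce1dfa2962eaa73de",
    "sha1": "80741dd2a77d77097f7638e61095017ff9d534ae",
    "sha256": "1989c9b8ecb487c23d6de52e5860c4bb9ed9b9ee5b22265267761a686eba7c2f",
    "sha512": ("52fd9f3245fe2e7f56d47d855ccbd91e4931330ca5f8a00181531e59e7a508e7"
               "f93d6ea270cbd3fcc6d3ad54e68027960c305d2ef81b28108731aed88b3e461c"),
}
REPORT_SSDEEP = "98304:+e3e4ejPxblyoseZRIPpAogYKeTzOzqc7u9:Le4ejJ5ceZEvgnDzx7W"

# Assumption: the message an unregistered .NET Reactor build writes into the
# protected assembly. .NET user strings are stored UTF-16LE, so both encodings
# are searched.
REACTOR_MARKER = (b"This assembly is protected by an unregistered version "
                  b"of Eziriz's \".NET Reactor\"!")


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Hex digests of in-memory data for every algorithm the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in HASH_NAMES}


def hash_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Same digests for a file on disk, streamed so a 5.6MB sample is not read at once."""
    hashers = {name: hashlib.new(name) for name in HASH_NAMES}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def check_against_report(computed: Dict[str, str],
                         expected: Dict[str, str] = REPORT_HASHES) -> Dict[str, bool]:
    """Per-algorithm match flags; any mismatch means this is not the reported file."""
    return {name: computed.get(name, "").lower() == digest.lower()
            for name, digest in expected.items()}


def parse_ssdeep(value: str) -> Tuple[int, str, str]:
    """Split 'blocksize:chunk:double_chunk' as ssdeep emits it."""
    blocksize, chunk, double_chunk = value.split(":", 2)
    return int(blocksize), chunk, double_chunk


def has_reactor_marker(data: bytes) -> bool:
    """True if the unregistered .NET Reactor message appears as ASCII or UTF-16LE."""
    utf16 = REACTOR_MARKER.decode("ascii").encode("utf-16-le")
    return REACTOR_MARKER in data or utf16 in data


# Constructed stand-in (a fake MZ header plus the marker), not the real sample.
FAKE_SAMPLE = (b"MZ\x90\x00" + b"\x00" * 60 + b"padding"
               + REACTOR_MARKER.decode("ascii").encode("utf-16-le") + b"\x00" * 16)


def main(argv):
    if len(argv) > 1:
        digests = hash_file(argv[1])
        with open(argv[1], "rb") as fh:
            marker = has_reactor_marker(fh.read())
    else:
        digests = hash_bytes(FAKE_SAMPLE)
        marker = has_reactor_marker(FAKE_SAMPLE)
    for name, ok in check_against_report(digests).items():
        print(f"{name:7} {digests[name]}  {'matches report' if ok else 'MISMATCH'}")
    print("ssdeep block size:", parse_ssdeep(REPORT_SSDEEP)[0])
    print("unregistered .NET Reactor marker present:", marker)


if __name__ == "__main__":
    main(sys.argv)
```

Run it with the sample's path as the only argument; without an argument it runs over the constructed stand-in, which reports a mismatch on every digest (as it should) and a positive marker hit. A single mismatching digest is enough to say the file is not the one analysed here; the SSDEEP block size (98304) only tells you which files are comparable with ssdeep, not whether they match.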

    • Drops startup file

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks