General

  • Target

    34d5c36d1b169ab6508408383195ad9b9a44c2fb378835789168978b369f0eeb

  • Size

    6.6MB

  • Sample

    240114-18ln3sdcgp

  • MD5

    3bb4f254cdb132088723f53d382f4dff

  • SHA1

    dd16139fb0f68956613e76a480426e0f3b7bdef7

  • SHA256

    34d5c36d1b169ab6508408383195ad9b9a44c2fb378835789168978b369f0eeb

  • SHA512

    4be8e8df056d30c2570758b5ccfd63bfe18010dc5b4b5d1e839b505c328540733c2beda5b4183bc580a1f96ae44c51f86c4dfd88e04fd6a99ee50d630d74b790

  • SSDEEP

    98304:r4/bF/WOAhDcY58TEY11bcOok+f2pigMH6M9lDrmmDigUAnpQ:ro8hDN5fYzcOokNhMH6MTrpDK

Malware Config

Targets

    • Target

      34d5c36d1b169ab6508408383195ad9b9a44c2fb378835789168978b369f0eeb

    • Size

      6.6MB

    • MD5

      3bb4f254cdb132088723f53d382f4dff

    • SHA1

      dd16139fb0f68956613e76a480426e0f3b7bdef7

    • SHA256

      34d5c36d1b169ab6508408383195ad9b9a44c2fb378835789168978b369f0eeb

    • SHA512

      4be8e8df056d30c2570758b5ccfd63bfe18010dc5b4b5d1e839b505c328540733c2beda5b4183bc580a1f96ae44c51f86c4dfd88e04fd6a99ee50d630d74b790

    • SSDEEP

      98304:r4/bF/WOAhDcY58TEY11bcOok+f2pigMH6M9lDrmmDigUAnpQ:ro8hDN5fYzcOokNhMH6MTrpDK

    • Detect ZGRat V1

    • Detects Arechclient2 RAT

      Arechclient2.

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • ZGRat

      ZGRat is remote access trojan written in C#.

    • .NET Reactor proctector

      Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks