General

  • Target: f9d7b25312a0a6bbc599c4a97b3ae6648e842fc1c22d6212c4a4cf7f68f7853f
  • Size: 6.0MB
  • Sample: 240114-2ee5waeda6
  • MD5: 231117b61397a7efe250fa36cf2316de
  • SHA1: 4d7424fc7b164bd2f9687b53510ce0a36b3396e6
  • SHA256: f9d7b25312a0a6bbc599c4a97b3ae6648e842fc1c22d6212c4a4cf7f68f7853f
  • SHA512: 1863d4b461cb5e2f76e5effdebc14d7c09f2c8b2728ca185a3cd4c2ae7f066fe242eb522003067138700e1a0357d12aa09057d1509ec32a3c981b22b5638c3ed
  • SSDEEP: 98304:1AtmrY96KjOTsSP7Re3lAqpVohXCgSx028V:1uw66KjOVP7Re3l/pVohyH028V

Malware Config

Targets

    • Target: f9d7b25312a0a6bbc599c4a97b3ae6648e842fc1c22d6212c4a4cf7f68f7853f
    • Size: 6.0MB
    • MD5: 231117b61397a7efe250fa36cf2316de
    • SHA1: 4d7424fc7b164bd2f9687b53510ce0a36b3396e6
    • SHA256: f9d7b25312a0a6bbc599c4a97b3ae6648e842fc1c22d6212c4a4cf7f68f7853f
    • SHA512: 1863d4b461cb5e2f76e5effdebc14d7c09f2c8b2728ca185a3cd4c2ae7f066fe242eb522003067138700e1a0357d12aa09057d1509ec32a3c981b22b5638c3ed
    • SSDEEP: 98304:1AtmrY96KjOTsSP7Re3lAqpVohXCgSx028V:1uw66KjOVP7Re3l/pVohyH028V

    • Detect ZGRat V1
    • Detects Arechclient2 RAT
      Arechclient2.
    • SectopRAT
      SectopRAT is a remote access trojan first seen in November 2019.
    • SectopRAT payload
    • ZGRat
      ZGRat is a remote access trojan written in C#.
    • Drops startup file
    • Loads dropped DLL
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks