General

  • Target

    f18bb1edd3ae7b63144e96132ce9aefb.bin

  • Size

    4.1MB

  • Sample

    240114-elplkabfhr

  • MD5

    03d004d53b58f5a5a7ed0198ef775ad6

  • SHA1

    52e190155c2aa462ae9b6bb8a9dc5ab0655a453a

  • SHA256

    89f9caea29343d0a92b7a2cf4c3d675fe36ed7559f1f5fb389d8ee616023d1da

  • SHA512

    c6e98dce3a583a71f3e2d07c65793ec278c5971985be16bb42945d17d674b4b5dd700d8921f052d3ffb19fa8604d6845126d291f40b37e9d5cf1ebaea7ef0cce

  • SSDEEP

    98304:n4X9G5TE4Pzu2OQdDqowkfHEDGdhpFUey3i15Z:nmYXrOmDqhahpTF5Z

Malware Config

Targets

    • Target

      897b63dc56623c54120c95340a7e8c416786dbc18bb03dae3300ab2fd57e928a.exe

    • Size

      6.5MB

    • MD5

      f18bb1edd3ae7b63144e96132ce9aefb

    • SHA1

      c1e427cada1d7c0ffc7196d722ee6c0af82c2756

    • SHA256

      897b63dc56623c54120c95340a7e8c416786dbc18bb03dae3300ab2fd57e928a

    • SHA512

      d0036a1b6bab8786f45688a7d22a3dfd28a9ef21048b13aea72182b3599d1ebb22acd210e5c86883b0b3a81f755a1a1eebe9a7fac7eaf7b5235188cc3f5eab0b

    • SSDEEP

      98304:ukWTppXqlbXXSKXiDvrfuh8AN8HJyeZaDN6h:ukWVtYbnSKXSvbSupyYaDNE

    • Detect ZGRat V1

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • .NET Reactor protector

      Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

    • Drops startup file

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext
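The last signature in the list, "Suspicious use of SetThreadContext", is the one a responder usually wants to re-derive from the raw API trace, because SetThreadContext on its own is also used legitimately (debuggers, exception handlers, a process touching its own threads). The script below is an added example, not code from the sandbox or from this report, and the report does not show the rule it ran: treating the signature as the process-hollowing chain (CreateProcess with CREATE_SUSPENDED, WriteProcessMemory into the child, SetThreadContext, ResumeThread, all from the same parent against the same child) is an assumption. The trace records, field names and PIDs are constructed for the example and are not a real sandbox schema.

```python
"""Re-derive a "Suspicious use of SetThreadContext" verdict from an API trace.

Added example, not part of the sandbox report and not the sandbox's own rule.
Assumption: the signature corresponds to the process-hollowing chain
CreateProcess(CREATE_SUSPENDED) -> WriteProcessMemory -> SetThreadContext
-> ResumeThread, all by one parent against one child. Trace format below
is constructed for this example.
"""

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit for CreateProcess

# Constructed API trace: one record per call, in call order. Field names
# ("pid", "api", "args", "target_pid", ...) are invented for this example.
SAMPLE_TRACE = [
    {"pid": 1234, "api": "CreateProcessW",
     "args": {"path": "C:\\Windows\\System32\\host.exe",
              "flags": CREATE_SUSPENDED, "child_pid": 2222}},
    {"pid": 1234, "api": "NtUnmapViewOfSection", "args": {"target_pid": 2222}},
    {"pid": 1234, "api": "VirtualAllocEx",
     "args": {"target_pid": 2222, "protect": 0x40}},  # PAGE_EXECUTE_READWRITE
    {"pid": 1234, "api": "WriteProcessMemory",
     "args": {"target_pid": 2222, "size": 0x2E000}},
    {"pid": 1234, "api": "SetThreadContext", "args": {"target_pid": 2222}},
    {"pid": 1234, "api": "ResumeThread", "args": {"target_pid": 2222}},
    # Benign: a process adjusting the context of one of its own threads
    # (debuggers, exception handlers). Must not be flagged.
    {"pid": 4321, "api": "SetThreadContext", "args": {"target_pid": 4321}},
    # Cross-process SetThreadContext with no suspended child: worth a
    # low-confidence note, not a hollowing verdict.
    {"pid": 5555, "api": "SetThreadContext", "args": {"target_pid": 6666}},
]


def find_hollowing(trace):
    """Walk the trace once and return a list of finding dicts.

    kind == "process_hollowing": a parent created a child suspended, wrote
    into it, replaced a thread context after the write, then resumed it.
    kind == "cross_process_setthreadcontext": SetThreadContext against a
    different process outside that chain (lower confidence).
    """
    chains = {}  # (parent_pid, child_pid) -> stages observed so far
    findings = []
    for rec in trace:
        pid, api, args = rec["pid"], rec["api"], rec["args"]
        if api in ("CreateProcessW", "CreateProcessA"):
            if args.get("flags", 0) & CREATE_SUSPENDED:
                chains[(pid, args["child_pid"])] = {
                    "image": args.get("path"), "suspended": True}
            continue
        target = args.get("target_pid")
        if target is None or target == pid:
            continue  # same-process use is not hollowing
        chain = chains.get((pid, target))
        if chain is None:
            if api == "SetThreadContext":
                findings.append({"kind": "cross_process_setthreadcontext",
                                 "parent": pid, "child": target})
            continue
        if api == "WriteProcessMemory":
            chain["wrote"] = True
        elif api == "SetThreadContext":
            # The context swap only counts once a payload has been written;
            # a SetThreadContext before any write is not the hollowing order.
            chain["ctx"] = chain.get("wrote", False)
        elif api == "ResumeThread" and chain.get("ctx"):
            findings.append({"kind": "process_hollowing", "parent": pid,
                             "child": target, "image": chain["image"]})
            del chains[(pid, target)]  # report each hollowed child once
    return findings


if __name__ == "__main__":
    for finding in find_hollowing(SAMPLE_TRACE):
        print(finding)
```

Run against the constructed trace, the function returns one high-confidence process_hollowing finding (parent 1234 into child 2222) and one low-confidence cross-process note (5555 against 6666); the self-targeting call from 4321 is ignored. When applied to a real trace, the image path of the hollowed child is the value to pivot on, since the injected payload runs under that legitimate-looking process name.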

MITRE ATT&CK Enterprise v15

Tasks