General
-
Target
18eb5d3175e49859fc2b0836c4b7e8d0c6ab4f3d9902641446b0bf60a2755b3a
-
Size
411KB
-
Sample
240418-mama3aab29
-
MD5
59b2dff217cce36f03fe67d1fdc23690
-
SHA1
aca10e4c6a14d1a958fcf297dd2d2743fd66f2ec
-
SHA256
18eb5d3175e49859fc2b0836c4b7e8d0c6ab4f3d9902641446b0bf60a2755b3a
-
SHA512
fb58dda71ed84a5edf6e1e0de001fbb7e5bbd2e0fa5fb2c23655ba93007b645ad2142367710b9e7f480fd2bd0a86fe43b4acaf5915756239eca31325339f8c4b
-
SSDEEP
6144:uLmorbLzyLZ9sZ87lJCqaVmskIctWoPvz/tquYnwuyS3pYea5f31pa:uqo/DZ8jN6LNu/8uYmfva
Malware Config
Targets
-
-
Target
18eb5d3175e49859fc2b0836c4b7e8d0c6ab4f3d9902641446b0bf60a2755b3a
-
Size
411KB
-
MD5
59b2dff217cce36f03fe67d1fdc23690
-
SHA1
aca10e4c6a14d1a958fcf297dd2d2743fd66f2ec
-
SHA256
18eb5d3175e49859fc2b0836c4b7e8d0c6ab4f3d9902641446b0bf60a2755b3a
-
SHA512
fb58dda71ed84a5edf6e1e0de001fbb7e5bbd2e0fa5fb2c23655ba93007b645ad2142367710b9e7f480fd2bd0a86fe43b4acaf5915756239eca31325339f8c4b
-
SSDEEP
6144:uLmorbLzyLZ9sZ87lJCqaVmskIctWoPvz/tquYnwuyS3pYea5f31pa:uqo/DZ8jN6LNu/8uYmfva
Score10/10-
Detect ZGRat V1
-
SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
-
SectopRAT payload
-
Stealc
Stealc is an infostealer written in C++.
-
ZGRat
ZGRat is remote access trojan written in C#.
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-