Overview

overview

10

Static

static

3

cryptolaemus

windows10-2004-x64

10

cryptolaemus

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    32f721de1d024352df19ec1dfb88806a460e31185e86ec6202ec1951115460f9

  • Size

    460KB

  • Sample

    240419-h3epgabf73

  • MD5

    e2115200ac363d68811dbe577d85b9ed

  • SHA1

    f3f4c60fdccaaaebdf3d82f15dab1ae7584a7b26

  • SHA256

    32f721de1d024352df19ec1dfb88806a460e31185e86ec6202ec1951115460f9

  • SHA512

    b6ba2bc3fcc5c8756c5083bcd6bcbd33938d91d6090206b6e873369c7b1cc0333937ed5233ec3071f6924bad2a4fe9a3e0d0732e3f8c15dae8c997d7df0b452a

  • SSDEEP

    6144:KDfVZKQFzkJGWNWNK47hJGMcyvkFFV7uHf07pGi1Wp7Yuxw0QmmY:KDfVZ1FzkAEWw47nGMcmkFFMNQkwGmY

Score
10/10
sectopratstealczgratratstealertrojan

Malware Config

Targets

    • Target

      32f721de1d024352df19ec1dfb88806a460e31185e86ec6202ec1951115460f9

    • Size

      460KB

    • MD5

      e2115200ac363d68811dbe577d85b9ed

    • SHA1

      f3f4c60fdccaaaebdf3d82f15dab1ae7584a7b26

    • SHA256

      32f721de1d024352df19ec1dfb88806a460e31185e86ec6202ec1951115460f9

    • SHA512

      b6ba2bc3fcc5c8756c5083bcd6bcbd33938d91d6090206b6e873369c7b1cc0333937ed5233ec3071f6924bad2a4fe9a3e0d0732e3f8c15dae8c997d7df0b452a

    • SSDEEP

      6144:KDfVZKQFzkJGWNWNK47hJGMcyvkFFV7uHf07pGi1Wp7Yuxw0QmmY:KDfVZ1FzkAEWw47nGMcmkFFMNQkwGmY

    Score
    10/10
    sectopratstealczgratratstealertrojan

    • Detect ZGRat V1

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

      trojanratsectoprat

    • SectopRAT payload

    • Stealc

      Stealc is an infostealer written in C++.

      stealerstealc

    • ZGRat

      ZGRat is remote access trojan written in C#.

      ratzgrat

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

3
T1082

Peripheral Device Discovery

1
T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks