sectoprat

General

Target

1453acb57fda5d0c89c052540f531b20e1211112b2433dede93b43c726cfe656
Size

445KB
Sample

240420-tq6g7sch4x
MD5

679dbda18984bf8e308e5eee664eac7d
SHA1

0d5c8ec76fc459e1b8ef433412c5d18f1e550254
SHA256

1453acb57fda5d0c89c052540f531b20e1211112b2433dede93b43c726cfe656
SHA512

9b7cf48db7bf51ca8c7086e75dfa9cb41e9e987b21ff8f7bc8326042bc27145b3154d84f5f59f997665bc62eb238bf1c5bf3f42d378c75f27a851f3feb5203ee
SSDEEP

6144:JekG6S4KJiiEPhpbas7CdbWTExRYde0GsybfjRYHx7IlvDbm+NRASZ4:4kG6fTxasubCde0GxrRNlvDbvNyU4

Score

10^/10

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.209

Attributes

url_path
/3cd2b41cbde8fc9c.php

Targets

- Target
  
  1453acb57fda5d0c89c052540f531b20e1211112b2433dede93b43c726cfe656
- Size
  
  445KB
- MD5
  
  679dbda18984bf8e308e5eee664eac7d
- SHA1
  
  0d5c8ec76fc459e1b8ef433412c5d18f1e550254
- SHA256
  
  1453acb57fda5d0c89c052540f531b20e1211112b2433dede93b43c726cfe656
- SHA512
  
  9b7cf48db7bf51ca8c7086e75dfa9cb41e9e987b21ff8f7bc8326042bc27145b3154d84f5f59f997665bc62eb238bf1c5bf3f42d378c75f27a851f3feb5203ee
- SSDEEP
  
  6144:JekG6S4KJiiEPhpbas7CdbWTExRYde0GsybfjRYHx7IlvDbm+NRASZ4:4kG6fTxasubCde0GxrRNlvDbvNyU4
Score

10^/10

sectoprat stealc zgrat rat stealer trojan
- Detect ZGRat V1
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

3

T1082

Lateral Movement

Collection

Command and Control

Web Service

1

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect ZGRat V1

SectopRAT payload

Stealc

ZGRat

Downloads MZ/PE file

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2