General
-
Target
56a64e0330950bad93c69d12a297d66f8df92e46fcc2cf4fc5e645579ecca632
-
Size
474KB
-
Sample
240423-lewvmafb5s
-
MD5
8d779c5a78f64a89266745e7ef3c8bf3
-
SHA1
8db6018e8b3fe986c2b35d9a0b69aa0d9b01b1f9
-
SHA256
56a64e0330950bad93c69d12a297d66f8df92e46fcc2cf4fc5e645579ecca632
-
SHA512
bc677b34b784341763681bd9598ded0c9f6b4f3430f51197ef2965319dd03d341dc293a5c038f08f6072e9ea0deab82b6d571bb11f34569b7804350601f66ca2
-
SSDEEP
6144:iwnPTo/IXQuL5VTucBaLArEN7zbz4reRT8oa/q+kgVYekReTohD3E1cl6:iwnPTocQuL5VlIAczbzEe987iBnUo6
Malware Config
Targets
-
-
Target
56a64e0330950bad93c69d12a297d66f8df92e46fcc2cf4fc5e645579ecca632
-
Size
474KB
-
MD5
8d779c5a78f64a89266745e7ef3c8bf3
-
SHA1
8db6018e8b3fe986c2b35d9a0b69aa0d9b01b1f9
-
SHA256
56a64e0330950bad93c69d12a297d66f8df92e46fcc2cf4fc5e645579ecca632
-
SHA512
bc677b34b784341763681bd9598ded0c9f6b4f3430f51197ef2965319dd03d341dc293a5c038f08f6072e9ea0deab82b6d571bb11f34569b7804350601f66ca2
-
SSDEEP
6144:iwnPTo/IXQuL5VTucBaLArEN7zbz4reRT8oa/q+kgVYekReTohD3E1cl6:iwnPTocQuL5VlIAczbzEe987iBnUo6
Score10/10-
Detect ZGRat V1
-
SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
-
SectopRAT payload
-
Stealc
Stealc is an infostealer written in C++.
-
ZGRat
ZGRat is remote access trojan written in C#.
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-