General

  • Target

    3d60b4bf2aaabcf3fd6df8b20f53bc70d5ab961afca5fba8b09ad15ee1bc1995

  • Size

    462KB

  • Sample

    240423-s67jrshf38

  • MD5

    c8b5e7d4514c3b4d1c10e779fc690cb5

  • SHA1

    f2a7569c473c9c27db0144460ebbdd5dc5c742f3

  • SHA256

    3d60b4bf2aaabcf3fd6df8b20f53bc70d5ab961afca5fba8b09ad15ee1bc1995

  • SHA512

    35b999dd651dd1339f5aa80e0b9664bcf8c47160708d4b2f38e691096ef8c8e8ce0afc6d99ace987ccc85bc7b2c0ee623ed23d2981ffe2c6540f12f92bc1bbd1

  • SSDEEP

    6144:HlJTrjFeiyh4RXR+Ll+a6JiZ/I0y7OnE1cOl:HlJTvFlyCR4l+a6Ji5I97TXl
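
To check a file against the indicators listed above without trusting a single weak digest, the following added example (not part of the sandbox report) computes MD5, SHA-1, SHA-256 and SHA-512 in one pass and compares them with the report's values. It only treats a file as this sample when SHA-256 agrees and nothing else disagrees; MD5 and SHA-1 have practical collisions and should not be relied on alone. SSDEEP is omitted because it needs a third-party library rather than the standard library. The `REPORT_HASHES` values are copied from the report; the test inputs are constructed.

```python
import hashlib

# Indicators copied from the report above. The sample itself is not included here.
REPORT_HASHES = {
    "md5": "c8b5e7d4514c3b4d1c10e779fc690cb5",
    "sha1": "f2a7569c473c9c27db0144460ebbdd5dc5c742f3",
    "sha256": "3d60b4bf2aaabcf3fd6df8b20f53bc70d5ab961afca5fba8b09ad15ee1bc1995",
    "sha512": "35b999dd651dd1339f5aa80e0b9664bcf8c47160708d4b2f38e691096ef8c8e8"
              "ce0afc6d99ace987ccc85bc7b2c0ee623ed23d2981ffe2c6540f12f92bc1bbd1",
}


def hash_stream(chunks) -> dict:
    """Feed an iterable of byte chunks to all four digests in a single pass."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data: bytes) -> dict:
    return hash_stream([data])


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Stream a file from disk so large samples do not have to fit in memory."""
    with open(path, "rb") as f:
        return hash_stream(iter(lambda: f.read(chunk_size), b""))


def compare_to_report(digests: dict, expected: dict = REPORT_HASHES) -> dict:
    """Per-algorithm verdicts; hex is normalised to lowercase before comparing."""
    return {
        name: digests.get(name, "").lower() == value.lower()
        for name, value in expected.items()
    }


def is_report_sample(digests: dict, expected: dict = REPORT_HASHES) -> bool:
    """True only when SHA-256 matches and no other listed digest contradicts it.
    A lone MD5 or SHA-1 hit is not sufficient evidence: both have practical collisions."""
    verdicts = compare_to_report(digests, expected)
    return verdicts["sha256"] and all(verdicts.values())


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        d = hash_file(path)
        print(path, "MATCH" if is_report_sample(d) else "no match", d["sha256"])
```

Run it as `python hashcheck.py suspect.bin` on a quarantined copy; a partial match (for example MD5 only) is worth investigating as a possible indicator typo or deliberate collision, but is not a positive identification.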

Malware Config

Targets

    • Detect ZGRat V1

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check so the payload only runs (or refuses to run) in selected regions.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
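
The "Downloads MZ/PE file", "Executes dropped EXE" and "Loads dropped DLL" behaviours above all rest on recognising a Windows executable in captured data. The following is an added example, not part of the sandbox report or of the engine that produced it: it validates the DOS header and `PE\0\0` signature of a byte buffer with every read bounds-checked, reads the COFF characteristics to tell an EXE from a DLL, and scans a captured download body for an embedded image that does not start at offset 0. The byte strings it works on are constructed header-only stand-ins, not the reported sample and not loadable executables.

```python
import struct

IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_DLL = 0x2000
MACHINES = {0x14C: "x86", 0x8664: "x64", 0xAA64: "arm64"}


def parse_pe_header(data: bytes, offset: int = 0):
    """Validate a DOS header and PE signature at `offset` and return the COFF
    file-header fields, or None when the bytes are not a PE image.
    No size field is trusted blindly: every read is checked against len(data)."""
    if offset < 0 or len(data) - offset < 0x40 or data[offset:offset + 2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, offset + 0x3C)[0]
    pe = offset + e_lfanew
    # Need the 4-byte signature plus the 20-byte COFF file header.
    if pe + 24 > len(data) or data[pe:pe + 4] != b"PE\0\0":
        return None
    machine, nsections, _ts, _symtab, _nsyms, opt_size, chars = struct.unpack_from(
        "<HHIIIHH", data, pe + 4)
    return {
        "e_lfanew": e_lfanew,
        "machine": MACHINES.get(machine, hex(machine)),
        "sections": nsections,
        "optional_header_size": opt_size,
        "is_dll": bool(chars & IMAGE_FILE_DLL),
        "is_executable_image": bool(chars & IMAGE_FILE_EXECUTABLE_IMAGE),
    }


def find_pe_in_stream(data: bytes):
    """Scan a captured response body for the first valid PE image.
    Returns (offset, header) or None. Every 'MZ' is tried, so a payload behind
    HTTP headers, padding or a decoy prefix is still found."""
    start = 0
    while True:
        idx = data.find(b"MZ", start)
        if idx == -1:
            return None
        hdr = parse_pe_header(data, idx)
        if hdr is not None:
            return idx, hdr
        start = idx + 1


def build_fake_pe(is_dll: bool, machine: int = 0x8664) -> bytes:
    """Constructed stand-in for a downloaded payload: a 64-byte DOS header with
    e_lfanew pointing straight at a COFF header. Not the reported sample, and not
    loadable (no optional header or sections)."""
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    chars = IMAGE_FILE_EXECUTABLE_IMAGE | (IMAGE_FILE_DLL if is_dll else 0)
    coff = struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, 0xF0, chars)
    return bytes(dos) + b"PE\0\0" + coff


if __name__ == "__main__":
    # Constructed capture: a response claiming to be an image but carrying a DLL.
    body = b"HTTP/1.1 200 OK\r\nContent-Type: image/png\r\n\r\n" + build_fake_pe(is_dll=True)
    print(find_pe_in_stream(body))
```

The Content-Type mismatch in the constructed capture is deliberate: loaders routinely mislabel executables, so a detector keyed on headers alone misses what a structural check like this catches. Distinguishing `is_dll` matters for triage because a dropped DLL implies a loader step ("Loads dropped DLL") rather than a direct process start.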

MITRE ATT&CK Enterprise v15

Tasks