General

  • Target

    8b4b5c8cb03dc8d14b4faf1f3af66c1a224d4cb440390db3ae291e2e57a05aaf

  • Size

    413KB

  • Sample

    240424-28nzwabd63

  • MD5

    8072c219cb44ec3d8a06eef00d9114fa

  • SHA1

    7859b9109a78ad153151cc5eb2840d7225fb96a4

  • SHA256

    8b4b5c8cb03dc8d14b4faf1f3af66c1a224d4cb440390db3ae291e2e57a05aaf

  • SHA512

    78f5b355e3081e22f489123dd36b9336e2f0555511b5f6a9a5f1fcb702e4ad6872de4c059006f6e454707da51b42c3e82961c3b1d6b7b59594620d4c86d593e6

  • SSDEEP

    6144:7p2VfZltnPHFzJfwrmLGlZRyLfRnXQGlOFNoHYN/XtaddEL4tOqZJ:7p2VBbnPHXfGMcyOGlOrkYedELuOqZJ

Malware Config

Targets

    • Detect ZGRat V1

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks