General

  • Target

    e559e511e008889ec815ad8553e4600fd514ab2d95e3f569a8c8f04d7b086c28

  • Size

    413KB

  • Sample

    240424-28xa9abd65

  • MD5

    20c9a9779ad33793278c82b5cf25a032

  • SHA1

    096dc69c036ba3fbac9ff4194cdb72a3f563bb96

  • SHA256

    e559e511e008889ec815ad8553e4600fd514ab2d95e3f569a8c8f04d7b086c28

  • SHA512

    08bf8d7df847bf0ac18ce80342f4bb1ad70c03b50ef023665f4df74a4c03bbfb90ce597ce8dbcebd92150a4c5ff6ee4184505a151d045923e521ff0e4829316b

  • SSDEEP

    6144:7p2VfZltnPHFzJfwrmLGlZRyLfRnXQGlOFNoHYN/XtaddEL4tOqZM:7p2VBbnPHXfGMcyOGlOrkYedELuOqZM

Malware Config

Targets

    • Target

      e559e511e008889ec815ad8553e4600fd514ab2d95e3f569a8c8f04d7b086c28

    • Size

      413KB

    • MD5

      20c9a9779ad33793278c82b5cf25a032

    • SHA1

      096dc69c036ba3fbac9ff4194cdb72a3f563bb96

    • SHA256

      e559e511e008889ec815ad8553e4600fd514ab2d95e3f569a8c8f04d7b086c28

    • SHA512

      08bf8d7df847bf0ac18ce80342f4bb1ad70c03b50ef023665f4df74a4c03bbfb90ce597ce8dbcebd92150a4c5ff6ee4184505a151d045923e521ff0e4829316b

    • SSDEEP

      6144:7p2VfZltnPHFzJfwrmLGlZRyLfRnXQGlOFNoHYN/XtaddEL4tOqZM:7p2VBbnPHXfGMcyOGlOrkYedELuOqZM

    • Detect ZGRat V1

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks