General

  • Target

    7e17c8b811bf378da3b841f441f7ee4cac11d541147a2345510589df41ffdb69

  • Size

    413KB

  • Sample

    240424-2911tsbd71

  • MD5

    788540ec70acc76196184af840f8429f

  • SHA1

    0a6858e5dd0c487db27cbfe359546c000c5992a3

  • SHA256

    7e17c8b811bf378da3b841f441f7ee4cac11d541147a2345510589df41ffdb69

  • SHA512

    b537949f7ac9f1ba24ff9fd0f0bf975ffaaa4df09a99c22abd27459688d4f9349656d15df5eda1209ffc466588496d9f00df432b76ec111e7af9620d5559bcc4

  • SSDEEP

    6144:7p2VfZltnPHFzJfwrmLGlZRyLfRnXQGlOFNoHYN/XtaddEL4tOqZD:7p2VBbnPHXfGMcyOGlOrkYedELuOqZD

Malware Config

Targets

    • Detect ZGRat V1

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks