General

  • Target

    a21b303682d41e80da0e12bdc1340595956133c5a639370140155420ac458734

  • Size

    413KB

  • Sample

    240424-3bva3abe2y

  • MD5

    cb8726b5a4f73bc23ad2fbecfd904a56

  • SHA1

    1b81527e4ea0af08b6c75b24b83bea2ba1012204

  • SHA256

    a21b303682d41e80da0e12bdc1340595956133c5a639370140155420ac458734

  • SHA512

    559287d561ed2664446a22daae9b15c687d9e3eede530e35fbe7087c42255eceade198b9524e33e3485eed44f5f56fa9862c968069b9a905f918405b2de6c56f

  • SSDEEP

    6144:7p2VfZltnPHFzJfwrmLGlZRyLfRnXQGlOFNoHYN/XtaddEL4tOqZO:7p2VBbnPHXfGMcyOGlOrkYedELuOqZO

Malware Config

Targets

    • Detect ZGRat V1

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks