General

  • Target

    5c2ec0240ddeeac7c6678ced3b601488e296ded87aa412bb787262601e7e1165

  • Size

    405KB

  • Sample

    240424-3trmwsbg7z

  • MD5

    e9f8aadc4e55d4836a1238d7a54c2c47

  • SHA1

    400c0792d9a116b4a7fea248cce242d6178c8a94

  • SHA256

    5c2ec0240ddeeac7c6678ced3b601488e296ded87aa412bb787262601e7e1165

  • SHA512

    6e185f5f80260afb1560478ccb263a427de9e768bc6552f972cb503447ff42bfa9bc2508d9218408b0b157dbb86b9a01baef2bb2eb0be87a966d1529e123b8a4

  • SSDEEP

    6144:6lvgNss1kOj6Ljn7bgDKzgH3SYfmwdG2mFdEL4tOJDsL:6lvgmaeH4KzgXxfFGDdELuOJDsL

Malware Config

Targets

    • Target

      5c2ec0240ddeeac7c6678ced3b601488e296ded87aa412bb787262601e7e1165

    • Detect ZGRat V1

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks