General

  • Target

    840655d106143b4bdaef614022b43d2627db026e013b14bffee3e7d5efcb1054

  • Size

    476KB

  • Sample

    240424-3xc9nsbh3s

  • MD5

    7e96921cd827a9fb6ccf08238422aa51

  • SHA1

    db02dd72c96efffd83e4dbda2390dd0a28df66fa

  • SHA256

    840655d106143b4bdaef614022b43d2627db026e013b14bffee3e7d5efcb1054

  • SHA512

    1932fa7243bd8ad02d13fe6cd0bfd9a0e724c38f977909b4ebffda14fa98c2d1a26cb75166ef3206f95abf08f3356a519ec7252f84a23c9feea52c51e163652f

  • SSDEEP

    6144:7hW0aGa2aE6wcZKKVv+YRoRH/XQ3zpKYyusjUNV8NI1izEoUdsTu4hsaKqbICP:7h9aGhQ/7pVR6fXKlCu3vgQizK64oECP

Malware Config

Targets

    • Target

      840655d106143b4bdaef614022b43d2627db026e013b14bffee3e7d5efcb1054

    • Size

      476KB

    • MD5

      7e96921cd827a9fb6ccf08238422aa51

    • SHA1

      db02dd72c96efffd83e4dbda2390dd0a28df66fa

    • SHA256

      840655d106143b4bdaef614022b43d2627db026e013b14bffee3e7d5efcb1054

    • SHA512

      1932fa7243bd8ad02d13fe6cd0bfd9a0e724c38f977909b4ebffda14fa98c2d1a26cb75166ef3206f95abf08f3356a519ec7252f84a23c9feea52c51e163652f

    • SSDEEP

      6144:7hW0aGa2aE6wcZKKVv+YRoRH/XQ3zpKYyusjUNV8NI1izEoUdsTu4hsaKqbICP:7h9aGhQ/7pVR6fXKlCu3vgQizK64oECP

    • Detect ZGRat V1

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Detects encrypted or obfuscated .NET executables

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks