General

  • Target

    681bcda352bda920961a3d6608ca067b7b09f69a9bf41908360c7874219cf443

  • Size

    476KB

  • Sample

    240424-bcsebadd34

  • MD5

    fc2acd2429d8a0da854d4b50d40e2b25

  • SHA1

    d2e32147f0f28b6edb95206256bf669ddd87b601

  • SHA256

    681bcda352bda920961a3d6608ca067b7b09f69a9bf41908360c7874219cf443

  • SHA512

    f8c036c2ac09fe50689a9d0278ad50e9708957399c1edd76485c92a3947cfb82fe38ba2dbab7fa011d5249f1e79014cbce1748c9678a88c88ba23e02a76801dd

  • SSDEEP

    12288:tOlwyGqMW+ccQvLyBxzkLjQSDolWm6NsqwUwoECK:tYEbIuBxwQSEl4NwUworK

Malware Config

Targets

    • Detect ZGRat V1

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks