General

  • Target

    0d786a8a1e1b6e6f5e7ba2818e7b4d8b.bin

  • Size

    287KB

  • Sample

    240424-bcylbsdc7z

  • MD5

    325d4a2a0e251d6114334a84e7a2d00d

  • SHA1

    44c7861bbf8e82995f8dd27856ba38c9c49b44e6

  • SHA256

    f29bcd89dc69d7b8a796d77d4fa748f960af6e296486432692ae95a7ac03f254

  • SHA512

    67bfbda1e000c9a7ec5c9e416b34fe64f1131fbfb53536d19e4d685809414ecbb4d7f1b248d7a87f4ee31d27d3ee07e215972ff5533c31e989ecdba9b34e987f

  • SSDEEP

    6144:lMxJUAHiPgZStYD3QBh/uE5S8jFXHCOLqUQmN:lMUCiPCSOD3QOE5/HC8qUhN

Malware Config

Targets

    • Target

      c77d0ad9e5b78f00d205c87e58db5c6491a1d41b1c05259162a45f845bb89922.exe

    • Size

      415KB

    • MD5

      0d786a8a1e1b6e6f5e7ba2818e7b4d8b

    • SHA1

      23b79e5ea6936681765233bd0de97d7bd2009b01

    • SHA256

      c77d0ad9e5b78f00d205c87e58db5c6491a1d41b1c05259162a45f845bb89922

    • SHA512

      fa96954ca71c780f66c5e67060d3280def540165018c623edf97a03d391d1e465b8ea2ea369802d21b7ade090dd6d887549f0048c0d0f167a2e01b1004f2ef2d

    • SSDEEP

      6144:/aN1HIT5R7GDqn3D8mHUwsYPxLF7wBPJlGKVLf0ZFvS6HBiJ/I:/aN1HIz7GDC/HLsOMh5pqFvS2iI

    • Detect ZGRat V1

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks