General
-
Target
b658069a66d76710e37f8aa50075cdac1463d7ae5d58d2891194a8c861961d20
-
Size
427KB
-
Sample
240424-llfrzsge26
-
MD5
5f9d1ab2e57db08a30dda351d185f88a
-
SHA1
44506141a8667556251e5012d108488b024929f1
-
SHA256
b658069a66d76710e37f8aa50075cdac1463d7ae5d58d2891194a8c861961d20
-
SHA512
ba404e5201fe2ce6a8affa3292f9d7efb793cdaf9c96e94121000fe40de1629dc93ac55e5d76eb32d69e2fe3d1b9ef48afb248fe7046dccc6ae40e74efc40bda
-
SSDEEP
6144:koE+eLj0GxhzdLJQw4JJ5UibESomGcyTv1rJowjnZqaKiT1E/UPBUV:koE+eLj1kwkinSomGc4bNLZqab1VeV
Malware Config
Targets
-
-
Target
b658069a66d76710e37f8aa50075cdac1463d7ae5d58d2891194a8c861961d20
-
Size
427KB
-
MD5
5f9d1ab2e57db08a30dda351d185f88a
-
SHA1
44506141a8667556251e5012d108488b024929f1
-
SHA256
b658069a66d76710e37f8aa50075cdac1463d7ae5d58d2891194a8c861961d20
-
SHA512
ba404e5201fe2ce6a8affa3292f9d7efb793cdaf9c96e94121000fe40de1629dc93ac55e5d76eb32d69e2fe3d1b9ef48afb248fe7046dccc6ae40e74efc40bda
-
SSDEEP
6144:koE+eLj0GxhzdLJQw4JJ5UibESomGcyTv1rJowjnZqaKiT1E/UPBUV:koE+eLj1kwkinSomGc4bNLZqab1VeV
Score10/10-
Detect ZGRat V1
-
SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
-
SectopRAT payload
-
Stealc
Stealc is an infostealer written in C++.
-
ZGRat
ZGRat is remote access trojan written in C#.
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-