sectoprat

General

Target

e17ee555e53406a2ab973d5212ade5e0bb77deaad8e4708c89e1db610ff2f31e
Size

406KB
Sample

240424-qajrqaad38
MD5

b33c6a044a9874ca490bb6ea582f9255
SHA1

d4cd58a9d554501e2df1736f6887f1e314de4264
SHA256

e17ee555e53406a2ab973d5212ade5e0bb77deaad8e4708c89e1db610ff2f31e
SHA512

39c61d22f380ce718868f0a19e607b7e4ef73053ce15c70dba31fd6f266eb5ce48e78f68218a003b8236216a9745ceee68a664cbbabdf991f7d78d191c680ec6
SSDEEP

6144:Sx9r9oS1wfUcPAYhEvZvsgHKCgTDmyU5r4ejMU2hKvEpn/UPB5P:Sx9hoS1w2YQskAm9WwvR3P

Score

10^/10

Malware Config

Targets

- Target
  
  e17ee555e53406a2ab973d5212ade5e0bb77deaad8e4708c89e1db610ff2f31e
- Size
  
  406KB
- MD5
  
  b33c6a044a9874ca490bb6ea582f9255
- SHA1
  
  d4cd58a9d554501e2df1736f6887f1e314de4264
- SHA256
  
  e17ee555e53406a2ab973d5212ade5e0bb77deaad8e4708c89e1db610ff2f31e
- SHA512
  
  39c61d22f380ce718868f0a19e607b7e4ef73053ce15c70dba31fd6f266eb5ce48e78f68218a003b8236216a9745ceee68a664cbbabdf991f7d78d191c680ec6
- SSDEEP
  
  6144:Sx9r9oS1wfUcPAYhEvZvsgHKCgTDmyU5r4ejMU2hKvEpn/UPB5P:Sx9hoS1w2YQskAm9WwvR3P
Score

10^/10

sectoprat stealc zgrat rat stealer trojan
- Detect ZGRat V1
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

3

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Detect ZGRat V1

SectopRAT payload

Stealc

ZGRat

Downloads MZ/PE file

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2