General

  • Target

    da7e46c36b67dd3e4ea7bb2218dc582f8d42cc508d0a1fa09e57e5bd5133e62c

  • Size

    407KB

  • Sample

    240424-yhmscagc4v

  • MD5

    fec3c8b73b3b2b3a8f53f4d1b1c383fd

  • SHA1

    af5476e25e235de1a1ba98deb09cf095a4e7ae6d

  • SHA256

    da7e46c36b67dd3e4ea7bb2218dc582f8d42cc508d0a1fa09e57e5bd5133e62c

  • SHA512

    21898216fb888fe1539b2c3220b367c07710133e6e1e275b4de013e57237f169ae118286b2136b891ef5b8ae2bbb69aca0fff63166f3da7991b0e757d6d4b87d

  • SSDEEP

    12288:TR9O+taKgZxoUe8NtddpJ3UMpZIedELuRl:++0Px/TUaZIyELuRl

Malware Config

Targets

    • Detect ZGRat V1

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks