General

  • Target

    56e4460f9caf322c4bdbf55a900a89e2e68c960f9d305052b5912784b14a59ea

  • Size

    413KB

  • Sample

    240424-yt4j8sgf3t

  • MD5

    dece996fefcab2b290082da54942bca0

  • SHA1

    11b6e3c3fd887964b970952fb5cb3cf10862c1be

  • SHA256

    56e4460f9caf322c4bdbf55a900a89e2e68c960f9d305052b5912784b14a59ea

  • SHA512

    f77f0ee63e954e8f2f61f02b355025584a3764eacb432b593a11b2ffba51a57cc353eec29c2c2dcccdb9dc348e5c99b197d4b23ea0b6fa5a7c9e9d89e18e9fe9

  • SSDEEP

    12288:49NL1baM8Gb2L1BZJMFiLrTSeLrkf8BIV+xdELuRaZW:kdaM8Gk1BoiLrTvkEBIVqELuRaA

Malware Config

Targets

    • Target

      56e4460f9caf322c4bdbf55a900a89e2e68c960f9d305052b5912784b14a59ea

    • Size

      413KB

    • MD5

      dece996fefcab2b290082da54942bca0

    • SHA1

      11b6e3c3fd887964b970952fb5cb3cf10862c1be

    • SHA256

      56e4460f9caf322c4bdbf55a900a89e2e68c960f9d305052b5912784b14a59ea

    • SHA512

      f77f0ee63e954e8f2f61f02b355025584a3764eacb432b593a11b2ffba51a57cc353eec29c2c2dcccdb9dc348e5c99b197d4b23ea0b6fa5a7c9e9d89e18e9fe9

    • SSDEEP

      12288:49NL1baM8Gb2L1BZJMFiLrTSeLrkf8BIV+xdELuRaZW:kdaM8Gk1BoiLrTvkEBIVqELuRaA

    • Detect ZGRat V1

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks