General

  • Target

    3e570a6ae430477ac8e91f06800255944007f2e731c8de037cd95d718357919e

  • Size

    413KB

  • Sample

    240424-yvcsxagf75

  • MD5

    461e619436f4b328d77434ccdad9e0ff

  • SHA1

    bde2eb7c03b7bee0eba6f7cb4242b57e9b444357

  • SHA256

    3e570a6ae430477ac8e91f06800255944007f2e731c8de037cd95d718357919e

  • SHA512

    6ed8b3938cb5b2233f75c1b31cbca7c1f818d772b26640352787e9f521c949530a52855c88b41a2ce5ca12447deba265e38c69e2f850ced8a2eae0aa54d99f4f

  • SSDEEP

    12288:49NL1baM8Gb2L1BZJMFiLrTSeLrkf8BIV+xdELuRaZb:kdaM8Gk1BoiLrTvkEBIVqELuRaN

Malware Config

Targets

    • Detect ZGRat V1

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check (the payload decides whether to proceed based on the victim's region).

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

      Setting another thread's context is a common step in process hollowing: a legitimate process is started suspended, its image is replaced, and SetThreadContext redirects the entry point before the thread is resumed.
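
Two checks an analyst applies when handling a report like this one, shown as an added example that is not part of the sandbox report or of any of the listed malware families: verifying a local copy of the file against the digests listed above, and the structural MZ/PE test behind the "Downloads MZ/PE file" behaviour. The REPORT_HASHES values are copied from this page; the sample bytes used for the demonstration are constructed stand-ins, so they do not match the report.

```python
"""Added triage helpers (not the sandbox's own code).

REPORT_HASHES are the digests listed in the report above.
CONSTRUCTED_PE is a hand-built minimal MZ/PE stub for demonstration only.
"""
import hashlib

# Digests as listed on the page for the 413KB sample.
REPORT_HASHES = {
    "md5": "461e619436f4b328d77434ccdad9e0ff",
    "sha1": "bde2eb7c03b7bee0eba6f7cb4242b57e9b444357",
    "sha256": "3e570a6ae430477ac8e91f06800255944007f2e731c8de037cd95d718357919e",
    "sha512": (
        "6ed8b3938cb5b2233f75c1b31cbca7c1f818d772b26640352787e9f521c94953"
        "0a52855c88b41a2ce5ca12447deba265e38c69e2f850ced8a2eae0aa54d99f4f"
    ),
}


def digest_bytes(data: bytes) -> dict:
    """Compute the four digests the report lists for an in-memory file."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def matches_report(data: bytes, expected: dict = REPORT_HASHES) -> dict:
    """Return {algorithm: bool} for every algorithm in `expected`.

    Any False means the bytes are not the reported sample; compare all
    listed digests rather than MD5 alone, since MD5 collisions are cheap.
    """
    actual = digest_bytes(data)
    return {name: actual[name] == value.lower() for name, value in expected.items()}


def looks_like_pe(data: bytes) -> bool:
    """Structural check used to flag a downloaded blob as a Windows executable.

    Requires the DOS 'MZ' magic, reads e_lfanew (little-endian DWORD at 0x3C)
    and requires the 'PE\\0\\0' signature at that offset. The bounds checks
    keep a truncated or hostile header from raising instead of returning False.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    if e_lfanew + 4 > len(data):
        return False
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


# Constructed minimal PE stub: 0x40-byte DOS header whose e_lfanew points
# at offset 0x40, followed by the PE signature and a zeroed COFF header.
CONSTRUCTED_PE = (
    b"MZ" + b"\0" * 0x3A + (0x40).to_bytes(4, "little")
    + b"PE\0\0" + b"\0" * 20
)

# Constructed hostile header: valid 'MZ' but e_lfanew far past the buffer.
CONSTRUCTED_TRUNCATED = b"MZ" + b"\0" * 0x3A + (0x1000).to_bytes(4, "little")


if __name__ == "__main__":
    print("stub is PE:", looks_like_pe(CONSTRUCTED_PE))
    print("truncated header is PE:", looks_like_pe(CONSTRUCTED_TRUNCATED))
    print("stub matches report:", matches_report(CONSTRUCTED_PE))
```

To check a real download, read the file with `open(path, "rb").read()` and pass the bytes to both functions; a file that passes `looks_like_pe` but fails `matches_report` is a different PE than the one analysed here and needs its own detonation.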

MITRE ATT&CK Enterprise v15

Tasks