General

  • Target

    143624dd03010311d6f3523eac79cf2e30ef5874377a8f7e83094e6c0600e671

  • Size

    413KB

  • Sample

    240424-yvex9sgf3y

  • MD5

    20b593ec23ab028666cdbee6def1abaf

  • SHA1

    b0ecea22a95346b7cb34e1d8dec71d2d3d2ef597

  • SHA256

    143624dd03010311d6f3523eac79cf2e30ef5874377a8f7e83094e6c0600e671

  • SHA512

    045a6956fe8e74c039d0df346c2416693160cc4acc1c8c66f85623aba2808f46aa466f9d30de5baac4200946ada4b93437cd86c38c071fd5840f464ebd352a9e

  • SSDEEP

    12288:49NL1baM8Gb2L1BZJMFiLrTSeLrkf8BIV+xdELuRaZR:kdaM8Gk1BoiLrTvkEBIVqELuRaH

Malware Config

Targets

    • Detect ZGRat V1

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check that decides whether the payload runs on this machine.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
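
Two of the behaviours above, the registry country lookup and the cross-process SetThreadContext call, are the ones worth reproducing as detection logic. The following is an added example and is not Triage's own signature code: it runs a small set of rules over constructed JSON API-trace lines (the field names `pid`, `api`, `key`, `value`, `flags`, `child_pid` and `target_pid` are an assumed schema, not a real sandbox format). The registry location (`HKCU\Control Panel\International\Geo`, values `Nation` and `Name`) is the documented Windows home of the configured GeoID; the SetThreadContext rule only escalates to "hollowing" when the target is a child the caller created suspended and then wrote into, which is the sequence that usually precedes a resumed, replaced image.

```python
import json

# Documented Windows location of the configured country/region (GeoID).
GEO_KEY = r"control panel\international\geo"
GEO_VALUES = {"nation", "name"}      # Nation = numeric GeoID, Name = ISO 3166 code
CREATE_SUSPENDED = 0x00000004        # CreateProcess dwCreationFlags bit

# Constructed trace for this example; not Triage output and not from the sample.
SAMPLE_LOG = r"""
{"pid": 1200, "api": "RegOpenKeyExW", "key": "HKCU\\Control Panel\\International\\Geo"}
{"pid": 1200, "api": "RegQueryValueExW", "key": "HKCU\\Control Panel\\International\\Geo", "value": "Nation"}
{"pid": 1200, "api": "CreateProcessW", "image": "C:\\Windows\\System32\\notepad.exe", "flags": 4, "child_pid": 1340}
{"pid": 1200, "api": "WriteProcessMemory", "target_pid": 1340, "size": 422912}
{"pid": 1200, "api": "SetThreadContext", "target_pid": 1340}
{"pid": 1200, "api": "ResumeThread", "target_pid": 1340}
{"pid": 2000, "api": "RegQueryValueExW", "key": "HKCU\\Control Panel\\Desktop", "value": "Wallpaper"}
{"pid": 2000, "api": "SetThreadContext", "target_pid": 2000}
"""


def parse_log(text):
    """One JSON object per line; blank lines are skipped."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def analyse(events):
    """Return (signature, pid, detail) tuples for the two behaviours."""
    hits = []
    suspended = {}   # child pid -> creator pid, for children created CREATE_SUSPENDED
    written = set()  # suspended children that another process wrote into
    for ev in events:
        api = ev["api"]
        if api in ("RegQueryValueExW", "RegQueryValueExA"):
            key = ev.get("key", "").lower().rstrip("\\")
            if key.endswith(GEO_KEY) and ev.get("value", "").lower() in GEO_VALUES:
                hits.append(("checks_computer_location_settings", ev["pid"], ev["value"]))
        elif api in ("CreateProcessW", "CreateProcessA"):
            if ev.get("flags", 0) & CREATE_SUSPENDED:
                suspended[ev["child_pid"]] = ev["pid"]
        elif api == "WriteProcessMemory":
            if ev.get("target_pid") in suspended:
                written.add(ev["target_pid"])
        elif api == "SetThreadContext":
            # A process adjusting its own thread is common; another process's thread is not.
            target = ev.get("target_pid", ev["pid"])
            if target != ev["pid"]:
                stage = "hollowing" if target in written else "cross-process"
                hits.append(("suspicious_setthreadcontext", ev["pid"], f"{stage}:{target}"))
    return hits


if __name__ == "__main__":
    for hit in analyse(parse_log(SAMPLE_LOG)):
        print(hit)
```

Run against the embedded trace it reports the GeoID read by pid 1200 and a hollowing-stage SetThreadContext against child 1340, and stays quiet on the benign registry read and self-targeted SetThreadContext from pid 2000. On a real trace the registry rule should also cover `RegGetValueW`/`NtQueryValueKey` and the `sCountry`/`LocaleName` values under `Control Panel\International`, which the sample's own tooling may use instead.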

MITRE ATT&CK Enterprise v15