General

  • Target

    d34feb5a831fde3d725e1634834488ed896a7f4ac453126b6355352b2bb16c29

  • Size

    395KB

  • Sample

    240425-21jp7agb4v

  • MD5

    4a9c0f7eb1a91c34fae8394d485141b9

  • SHA1

    6c61fb83d448755dcfd9fe5113ebcd0e5d1a3173

  • SHA256

    d34feb5a831fde3d725e1634834488ed896a7f4ac453126b6355352b2bb16c29

  • SHA512

    c85843f23e84097517404c15c9976d9c2c229ba0647708791e8b0856f4318bc501ffc3e82decae5b6ac9f55476f2418e4e20a7bd55bd340d920e78d305635fac

  • SSDEEP

    6144:wfvZZIElv79VasTMGa6tc4F4LiHOWfBmu+rbCmkLiCjj8/UXewVljd/:wPIER79VFXawc4DaDPCmAiz/UXzR/

Malware Config

Targets

    • Target

      d34feb5a831fde3d725e1634834488ed896a7f4ac453126b6355352b2bb16c29

    • Detect ZGRat V1

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks