General

  • Target

    27bdccfa15fe8ca83abbc85d06bca0e4061b51b46dbc34d8a8a13741bea4ccf6

  • Size

    395KB

  • Sample

    240425-2y6ryagb45

  • MD5

    95b565b4f9f6fdabea41ac21fe8f048e

  • SHA1

    248b627d7ad7d75e57f82fa3892b021add6f43ae

  • SHA256

    27bdccfa15fe8ca83abbc85d06bca0e4061b51b46dbc34d8a8a13741bea4ccf6

  • SHA512

    5a4c53d3f8ccf1ca58f0b90e29197a2e9f9256a6c21f31de553dd5e5cd6afde7994613bc94d917c21a82ceb312f9b2bc1433b25494fa2e895b73386f55b813b9

  • SSDEEP

    6144:wfvZZIElv79VasTMGa6tc4F4LiHOWfBmu+rbCmkLiCjj8/UXewVljd6:wPIER79VFXawc4DaDPCmAiz/UXzR6

Targets

    • Detect ZGRat V1

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext