General

  • Target

    019d1fcf6f6d53bc9fc12308edd7ee0bd45c2aa78fcf544699304e54e92d6cdc

  • Size

    395KB

  • Sample

    240425-2zsayagb49

  • MD5

    717a249e3a388cd338bc9ad2c725d7ef

  • SHA1

    cce489562285eb3abdcf3090cf5068332a1e8fb4

  • SHA256

    019d1fcf6f6d53bc9fc12308edd7ee0bd45c2aa78fcf544699304e54e92d6cdc

  • SHA512

    6031b1580e3ab46d8c2e245a642c0b6c464919b76ef648ff8b7242d3bb34d6d7b4a88e6fd6b0f85d22d755c0124940c3472bdabc7472a1ff30c83f2997466a03

  • SSDEEP

    6144:wfvZZIElv79VasTMGa6tc4F4LiHOWfBmu+rbCmkLiCjj8/UXewVljd4:wPIER79VFXawc4DaDPCmAiz/UXzR4

Malware Config

Targets

    • Detect ZGRat V1

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks