General

  • Target

    3a23fa6aab37992ed427992c7a5760cb88ba0972c093ca2e8e30a5d412c9f7e9

  • Size

    395KB

  • Sample

    240425-3se8gagc85

  • MD5

    e3f1203177c281c842d8b792dbc149a1

  • SHA1

    96ac547ad6da9226979cc188ff7a98f71073f681

  • SHA256

    3a23fa6aab37992ed427992c7a5760cb88ba0972c093ca2e8e30a5d412c9f7e9

  • SHA512

    2827a461ab71fb4cfd04b91ec21c483eb336754b49024725df4b1bc4d347cc59187f8e286b6413f89185693fd49f558e0969d559fec95b2754cd3bff421dbe1b

  • SSDEEP

    6144:bDT/bT/y5pUYwa0tjXZfSFZtKn+iW9c5BGIpuluXyCAmIC1rPI:bHf/KpmaKQAJ5BQsCqtxI

Targets

    • Detect ZGRat V1

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
