General

  • Target

    187d21a071e668c2c1ed3a47dc1dbe7df33d83d5f68f9f68afc291cf5729992b

  • Size

    395KB

  • Sample

    240425-3t9hpsgc99

  • MD5

    a808d65d14f8acf0ac6ff3d635540d52

  • SHA1

    f3171f961f8e6fcb5959877987dd20359cdddf67

  • SHA256

    187d21a071e668c2c1ed3a47dc1dbe7df33d83d5f68f9f68afc291cf5729992b

  • SHA512

    9713691fb979166e088114e71e8b490cba26e39683a5e2aac7277f2ef544e54b743c235dbfb680c36b111d1610b6a4fbcebc1575b240a485e486f6c9ccb30b39

  • SSDEEP

    6144:bDT/bT/y5pUYwa0tjXZfSFZtKn+iW9c5BGIpuluXyCAmIC1rPF:bHf/KpmaKQAJ5BQsCqtxF

Malware Config

Targets


    • Detect ZGRat V1

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks