General

  • Target

    ba2b4f9838a8552084f73dbf313ecc2ce229149d37102888d46c6bd83dc86612

  • Size

    395KB

  • Sample

    240425-3vqrzsgd22

  • MD5

    8913a1b91d8ea62c00be520d1f15203a

  • SHA1

    d3f32b92c23130967f4072bd1e0787bf98e9ff16

  • SHA256

    ba2b4f9838a8552084f73dbf313ecc2ce229149d37102888d46c6bd83dc86612

  • SHA512

    37b13153c125a78c42fb108bbbddd89c207190663f72b880806843490695b8242db16ccb681dceff501ab66b9bd67eefd9d52a6022da14ad1f98cf2fabe1c0d9

  • SSDEEP

    6144:bDT/bT/y5pUYwa0tjXZfSFZtKn+iW9c5BGIpuluXyCAmIC1rPP:bHf/KpmaKQAJ5BQsCqtxP

Malware Config

Targets

    • Detect ZGRat V1

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks