General

  • Target

    08970e2ed8c1e7f7d06a9e671ac46c985e518ee27f13409657f956376143c462

  • Size

    472KB

  • Sample

    240425-a4276acd38

  • MD5

    c74c986267ef3888d2b51c9fcb43c0e8

  • SHA1

    b774e3c605c8c355d7958aba0df9a35f7aafa780

  • SHA256

    08970e2ed8c1e7f7d06a9e671ac46c985e518ee27f13409657f956376143c462

  • SHA512

    567a80fcb525e616e53abc23e5210cca80c4b35b08d395b197aec0d2d55175c943c628c7529e94e12293771efb05aedeb820149bcc33c7c7c0b6cbcda3355276

  • SSDEEP

    6144:D2Rbioiq9m8UoG+OHU/735czCUtOEEtv9/01eEJch899myc5F:D2RbiO9m8U1UlczrPa01eW2885F

Malware Config

Targets

    • Detect ZGRat V1

    • Detects Arechclient2 RAT

      Arechclient2.

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks