General

  • Target

    0968642a950d9e72abd3dd209b2afdc1c2da07c581f6c4926d451cc5e44c0df7

  • Size

    476KB

  • Sample

    240425-a47smscd42

  • MD5

    b3dc9fc52e17387fe7473779cda9fe08

  • SHA1

    7717fef10e5f4e3584c1e0b5c34684e455005b70

  • SHA256

    0968642a950d9e72abd3dd209b2afdc1c2da07c581f6c4926d451cc5e44c0df7

  • SHA512

    0d0c16d6816708580dc697f219d70697d9e1759da5b72e019b2799d02381b5372628e3ea5e60855abd19eb76308e362341ab52ddbf08b9c707bc9e99abab0f28

  • SSDEEP

    12288:tOlwyGqMW+ccQvLyBxzkLjQSDolWm6NsqwUwoECF:tYEbIuBxwQSEl4NwUworF

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.76

Attributes
  • url_path

    /3cd2b41cbde8fc9c.php

Targets

    • Target

      0968642a950d9e72abd3dd209b2afdc1c2da07c581f6c4926d451cc5e44c0df7


    • Detect ZGRat V1

    • Detects Arechclient2 RAT

      Arechclient2.

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks