General

  • Target

    0ff09014efe7b589c172f49db19b9db9a711e993b6da0b4e0fde4a73ffb0048d

  • Size

    414KB

  • Sample

    240425-a8rl8acd78

  • MD5

    3b2dc0c822a7630745a2ce5523e83ad5

  • SHA1

    b91d513e90c8d71221f14cf0b617bc459faf26d2

  • SHA256

    0ff09014efe7b589c172f49db19b9db9a711e993b6da0b4e0fde4a73ffb0048d

  • SHA512

    9a32a16a0cb984da7ce71f3a023cb6fbdd4645005f6274a14f543c00325c6806196d465746d2ab7873697dfd32ad4c64d03e5fc16f27dd114432f4bca53e5b49

  • SSDEEP

    6144:GaNowv7MR+dM+A4K3Kc8Y2Yem0IuONlLfiFtDgjTUGU6J51:GaNPv7Q+72K4eYrlLQDg0xo1

Malware Config

Targets

    • Detect ZGRat V1

    • Detects Arechclient2 RAT

      Arechclient2.

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks