General

  • Target

    12ff2c609d32ddaeab23d2ddefea06f2382c73daa8e7bb44553771651a52aec8

  • Size

    462KB

  • Sample

    240425-bafbzace22

  • MD5

    752c19741396cdd6c4822fbb73778a21

  • SHA1

    8bdd9b2d6c1f020e2c92f42b627fc17632b8e1f7

  • SHA256

    12ff2c609d32ddaeab23d2ddefea06f2382c73daa8e7bb44553771651a52aec8

  • SHA512

    c44408a79a2fb37fb97c0bda357d6db7bb39c177f726fd88efdd372b015a6edf1228a0c87723a521cd0bb2152153629933aab5506bfd200566f7b859fd4948da

  • SSDEEP

    12288:mcFCjqV5Rnj9hK4DSxl/dJq2J+9Dsvg3oHmslnI1:mcFJ5yXVJqywImse1

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.76

Attributes
  • url_path

    /3cd2b41cbde8fc9c.php

Targets

    • Detect ZGRat V1

    • Detects Arechclient2 RAT

      Arechclient2.

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks