General

  • Target

    1d9e2c17db02f2e5abc87dfaf27d43995cf17ecd3fbb324f052966dda8e0e109

  • Size

    497KB

  • Sample

    240425-bfc4ssce84

  • MD5

    42c0ae81390128ba5cc3d4228764cb4c

  • SHA1

    2336135fc52cde4ce80ce346a847fffb24afb56e

  • SHA256

    1d9e2c17db02f2e5abc87dfaf27d43995cf17ecd3fbb324f052966dda8e0e109

  • SHA512

    553e4a289deed20203b87eaf25d022b41d88ea33b0f7a5a3443865bfcaa7bba8025dcf1b0357667a47d143d31e3154f81f0e7e7eaa66bf04f12c168a0a1ffb8e

  • SSDEEP

    12288:VBy70w/OnfLYTOOc411sVyL8/TtPnAUaPkcX38rese4uF:VBayfohBf5YJPnfXcXaeR4uF

Malware Config

Targets

    • Detect ZGRat V1

    • Detects Arechclient2 RAT

      Arechclient2.

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks