General

  • Target

    2a08e27c78c12acefbd49668d9384b5e54a5f907bedac5c3f5d2094e8bf3f9d1

  • Size

    445KB

  • Sample

    240425-bpmdtsch21

  • MD5

    a4ff45669edba40e7cf0e41e0c154c4f

  • SHA1

    4b87fca932cea0d1c2d62234e10edef8e658b2ae

  • SHA256

    2a08e27c78c12acefbd49668d9384b5e54a5f907bedac5c3f5d2094e8bf3f9d1

  • SHA512

    ca509c14c201102564804e5e67f51c631ef2c0647bd555bdbd0fd290b1ac6d0a74f42d326abe8051d230c80181f0dc90b2d70d75a7c94aab52532a2b506eb52d

  • SSDEEP

    6144:U8CVcduR+MfClH8TBjhTBdMjyyU91m4K3YwZAUzJThF:UZVcchfCN8T/FK37ZvNThF

Targets

    • Detect ZGRat V1

    • Detects Arechclient2 RAT

      Arechclient2.

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
