General

  • Target

    2b996b0c447b4778b2cee50d14404b12f54a6d2698374c7159b5a5a988ac6529

  • Size

    403KB

  • Sample

    240425-bpn8esch3s

  • MD5

    e99773e1bacf395199dbdd905ee26591

  • SHA1

    eb0f46bed333bfc77537465a3f6ea1f6a163b32d

  • SHA256

    2b996b0c447b4778b2cee50d14404b12f54a6d2698374c7159b5a5a988ac6529

  • SHA512

    c212094c5d4486bfbae83c6f356c696bcf1cb2db044199ccfd63e9d97bb73c43f920ea9122d91a1c11821ebe02b6992f79d53d23526a602a7bb5b5d500d0b06d

  • SSDEEP

    6144:R3wnORugzRRFonQZnTyESQpg/rKjWAvG17t1aWZM1iIJC/v4ZF:lwn+uERkQZT4Wg/r/B17t1aWZQ5C/wZF

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.76

Attributes
  • url_path

    /3cd2b41cbde8fc9c.php

Targets

    • Detect ZGRat V1

    • Detects Arechclient2 RAT

      Arechclient2.

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks