General

  • Target

    ISetup5.exe

  • Size

    405KB

  • Sample

    240425-c96hwaec3v

  • MD5

    b7fd7c85753b04c6810386bd2e7a9fd1

  • SHA1

    18ef95885240bfb8904cb3401f86188ca4f9ef85

  • SHA256

    dc587a9ed463a0a34ce6a2970152679be7e271562ebadbcceadc3a60c6727b5d

  • SHA512

    c503fe696a9cc44819dc9994911d689cb18e68705c1f387c0fce5ac143aa829ad0a5e0f04c6b181179e4da558f7a799bab4bc83a36c85185cc99ef7a0962a8f2

  • SSDEEP

    6144:6lvgNss1kOj6Ljn7bgDKzgH3SYfmwdG2mFdEL4tOJDsJ:6lvgmaeH4KzgXxfFGDdELuOJDsJ

Malware Config

Targets

    • Detect ZGRat V1

    • Detects Arechclient2 RAT

      Arechclient2.

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks