General

  • Target

    4635d41378d6ccc8cae910d1d525e69730bf311ccd1220cd59342692abdc7b1c

  • Size

    403KB

  • Sample

    240425-cgkeyadc78

  • MD5

    be532c5f513b13a5ee04093904316499

  • SHA1

    c89d0f64dfd1b95a2f7d893db20a6204ba0f782c

  • SHA256

    4635d41378d6ccc8cae910d1d525e69730bf311ccd1220cd59342692abdc7b1c

  • SHA512

    45d479e7b43a56b83452c2855593c2be83271f73f44535691d7026fca9111da2c8c07d65bff44b47ca6ced5eb3b79cb85de0b6e9604ddd226f6891009c803770

  • SSDEEP

    6144:vBEzApROYCEVcHSA8ZyDZCv1PCulT3tIrfgWE0V:vBEspYkWr8M8bD0V

Malware Config

Targets

    • Detect ZGRat V1

    • Detects Arechclient2 RAT

      Arechclient2.

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks