General

  • Target

    4c7ca2715a8cc77758a2f250603a58ae1f2dedad0a53dec6eadea270bf109836

  • Size

    412KB

  • Sample

    240425-clnyxsdd69

  • MD5

    d70d8929bd6430ed64f78e1d752486e4

  • SHA1

    3d710f306e83fde59c070e53ad908430ecca843e

  • SHA256

    4c7ca2715a8cc77758a2f250603a58ae1f2dedad0a53dec6eadea270bf109836

  • SHA512

    a4e867ad6a17a07cd686663158bc986a7c3ebd54a2612276496f4186b73225db9c51560bead2d771e7ea04d2b407f105b8a4412e0ce546d79ea9438a74f468f3

  • SSDEEP

    6144:te64OHLc0cFFQ4hGCAid5LQwpgJHkGNCcxAtrMMYX7XD1:TLc0cFFzwCAbdmkmMMQD1

Malware Config

Targets

    • Detect ZGRat V1

    • Detects Arechclient2 RAT

      Arechclient2.

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks