General

  • Target

    55a5bbeb69a0e108c134d3a5c4592cea3cda4cc9747cafbd00ea99debb2681f3

  • Size

    407KB

  • Sample

    240425-ctbzbsdg7x

  • MD5

    b244e7e706f4feb4fe5051a21c6518f3

  • SHA1

    5e775153fef84d9787ffcfd6fb9014495b6ad886

  • SHA256

    55a5bbeb69a0e108c134d3a5c4592cea3cda4cc9747cafbd00ea99debb2681f3

  • SHA512

    da25e97c77aa2329f54204514e6b9cde9e3c7d212831ae8104ad4b09d5fb704486805fdd4a13bc88d2723cddb845b7c18a79f38115812a2db2c22958f2c91291

  • SSDEEP

    6144:GTQUPE2+RiUWOKgOskmpSjYLpafrzEWHfAjm1wd/SEWOikSnLdTuBVdEL4tR:GZlOLOsajYVcE2KEySnxUdELuR
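The hash block above is what a practitioner uses to confirm that a file on disk is the sample this report describes. The following script is an added example, not part of the sandbox report and not sandbox code: it computes the four digests in one pass, compares them with the values published above, and refuses to treat an MD5- or SHA-1-only match as identity (both are collision-prone), so a file that matches the weak hashes but not SHA-256 is flagged rather than accepted. The sample itself is not on the page, so the stand-in bytes used for checking are constructed here; the ssdeep parser only validates the signature's shape (block size must be 3 * 2**k), it does not implement fuzzy comparison.

```python
import hashlib
import io
import sys

# Hash values as published on this report page. The sample itself is not on
# the page, so this script only carries the expected values to check against.
REPORTED = {
    "md5": "b244e7e706f4feb4fe5051a21c6518f3",
    "sha1": "5e775153fef84d9787ffcfd6fb9014495b6ad886",
    "sha256": "55a5bbeb69a0e108c134d3a5c4592cea3cda4cc9747cafbd00ea99debb2681f3",
    "sha512": "da25e97c77aa2329f54204514e6b9cde9e3c7d212831ae8104ad4b09d5fb704486805fdd4a13bc88d2723cddb845b7c18a79f38115812a2db2c22958f2c91291",
    "ssdeep": "6144:GTQUPE2+RiUWOKgOskmpSjYLpafrzEWHfAjm1wd/SEWOikSnLdTuBVdEL4tR:GZlOLOsajYVcE2KEySnxUdELuR",
}

ALGOS = ("md5", "sha1", "sha256", "sha512")


def digest_stream(fp) -> dict:
    """Compute MD5, SHA-1, SHA-256 and SHA-512 in a single pass over a binary stream."""
    hashers = {a: hashlib.new(a) for a in ALGOS}
    while True:
        chunk = fp.read(1 << 20)  # 1 MiB chunks so large samples need not fit in memory
        if not chunk:
            break
        for h in hashers.values():
            h.update(chunk)
    return {a: h.hexdigest() for a, h in hashers.items()}


def digest_bytes(data: bytes) -> dict:
    return digest_stream(io.BytesIO(data))


def digest_file(path: str) -> dict:
    with open(path, "rb") as fp:
        return digest_stream(fp)


def parse_ssdeep(sig: str) -> tuple:
    """Split an ssdeep signature into (block_size, chunk_hash, double_chunk_hash).

    ssdeep block sizes are always 3 * 2**k; anything else means the field was
    mangled when the report was copied."""
    parts = sig.split(":")
    if len(parts) != 3:
        raise ValueError("ssdeep signature must have three colon-separated fields")
    block = int(parts[0])
    n = block // 3
    if block < 3 or block % 3 or n & (n - 1):
        raise ValueError("ssdeep block size must be 3 * 2**k, got %d" % block)
    return block, parts[1], parts[2]


def compare(computed: dict, reported: dict = REPORTED) -> dict:
    """Per-algorithm match table; hex digests are compared case-insensitively."""
    return {a: computed[a].lower() == reported[a].lower() for a in ALGOS}


def verdict(results: dict) -> str:
    """Classify a comparison table.

    Only SHA-256/SHA-512 establish identity. MD5 and SHA-1 are collision-prone,
    so a file matching those alone is flagged rather than accepted."""
    strong = results["sha256"] and results["sha512"]
    weak = results["md5"] or results["sha1"]
    if strong and results["md5"] and results["sha1"]:
        return "match"
    if strong:
        return "match-weak-hash-disagrees"  # same file; the report's MD5/SHA-1 field is wrong
    if weak:
        return "collision-suspect"  # MD5/SHA-1 agree but SHA-256 does not: do not trust this file
    return "mismatch"


if __name__ == "__main__":
    # Usage: python verify_sample.py <file> [<file> ...]
    for path in sys.argv[1:]:
        table = compare(digest_file(path))
        print(path, verdict(table), table)
```

Run it against any file you believe to be this sample; anything other than "match" means either the file is not the one analysed here or one of the report's hash fields was copied incorrectly, and "collision-suspect" should be treated as a deliberately substituted file until proven otherwise.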

Malware Config

Targets

    • Target

      55a5bbeb69a0e108c134d3a5c4592cea3cda4cc9747cafbd00ea99debb2681f3

    • Size

      407KB

    • MD5

      b244e7e706f4feb4fe5051a21c6518f3

    • SHA1

      5e775153fef84d9787ffcfd6fb9014495b6ad886

    • SHA256

      55a5bbeb69a0e108c134d3a5c4592cea3cda4cc9747cafbd00ea99debb2681f3

    • SHA512

      da25e97c77aa2329f54204514e6b9cde9e3c7d212831ae8104ad4b09d5fb704486805fdd4a13bc88d2723cddb845b7c18a79f38115812a2db2c22958f2c91291

    • SSDEEP

      6144:GTQUPE2+RiUWOKgOskmpSjYLpafrzEWHfAjm1wd/SEWOikSnLdTuBVdEL4tR:GZlOLOsajYVcE2KEySnxUdELuR

    • Detect ZGRat V1

    • Detects Arechclient2 RAT

      Arechclient2 (an alias of SectopRAT).

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks