General

  • Target

    806bf96903d6d7116985a43dac662cfac9cb92ea6e6cc5daaca57270c17edfbc

  • Size

    474KB

  • Sample

    240425-djccsaeb67

  • MD5

    756a1dc1ed6f13572bff4521a12254ab

  • SHA1

    23db7697aa2a48d26b4c064ae125f8b312f87383

  • SHA256

    806bf96903d6d7116985a43dac662cfac9cb92ea6e6cc5daaca57270c17edfbc

  • SHA512

    183a7321886558b430ccf195da0f26dd27df7e9fea096ed21fa39d168c9977f143b0f6b5eff053929dfda99dc71a33da7289e20d7537e6f82357a2e378fa9499

  • SSDEEP

    6144:2wHsNVyxZwIOrmlDNMf5OVuB0duChNhRWCSig80ppDv1DxWXKxtl+hHE1cFl:2wH6VypO5OVuOduCXh45L1dWXKxXQl

Malware Config

Targets

    • Detect ZGRat V1

    • Detects Arechclient2 RAT

      Arechclient2.

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks