General

  • Target

    68921a542f53732f88749b7ce2520fb76dbe7f44010bfcf66facc34618a8dd66

  • Size

    406KB

  • Sample

    240425-eww4dsfb24

  • MD5

    cd0097d23862361e8c87af83bad3880b

  • SHA1

    8fe582ab879fedc228e3074396cdcdf0a44c9326

  • SHA256

    68921a542f53732f88749b7ce2520fb76dbe7f44010bfcf66facc34618a8dd66

  • SHA512

    724694f12886dee467509e0aa2541038755e537fbaf4517d48ec7a80a0103662f92417df00c12b63a554c66d5cab5546f12c275d38d15b0d9bc9ff566e004cb2

  • SSDEEP

    6144:ZAuhQxtgcHEOgazi/NtXZ8mzVoq/6Jj4M2T1sRg9ivUUfFURO6dEL4tOKrf:ZAuhQTg22NzVoPSMSsRkUfu/dELuOKrf

Malware Config

Targets

    • Target

      68921a542f53732f88749b7ce2520fb76dbe7f44010bfcf66facc34618a8dd66

    • Size

      406KB

    • MD5

      cd0097d23862361e8c87af83bad3880b

    • SHA1

      8fe582ab879fedc228e3074396cdcdf0a44c9326

    • SHA256

      68921a542f53732f88749b7ce2520fb76dbe7f44010bfcf66facc34618a8dd66

    • SHA512

      724694f12886dee467509e0aa2541038755e537fbaf4517d48ec7a80a0103662f92417df00c12b63a554c66d5cab5546f12c275d38d15b0d9bc9ff566e004cb2

    • SSDEEP

      6144:ZAuhQxtgcHEOgazi/NtXZ8mzVoq/6Jj4M2T1sRg9ivUUfFURO6dEL4tOKrf:ZAuhQTg22NzVoPSMSsRkUfu/dELuOKrf

    • Detect ZGRat V1

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks