General

  • Target

    e7ab6f2ee589ec570d7dd0be1eaf902bfcdd19e387fa15fe7f52575ee71258ad

  • Size

    406KB

  • Sample

    240425-exlztafb35

  • MD5

    81ee2175e873d73c57134a68572c8173

  • SHA1

    a64810aae620c47dc84ca2fbf8c886b99b8832fc

  • SHA256

    e7ab6f2ee589ec570d7dd0be1eaf902bfcdd19e387fa15fe7f52575ee71258ad

  • SHA512

    0937f915ae69d14012cdb31fe1d5905095b0236beeece60fc5bda6b5738b8b349852289cd4ac00f6d46ae825535e3146677ae01f971b99a592d5f68df3647d1c

  • SSDEEP

    6144:ZAuhQxtgcHEOgazi/NtXZ8mzVoq/6Jj4M2T1sRg9ivUUfFURO6dEL4tOKrd:ZAuhQTg22NzVoPSMSsRkUfu/dELuOKrd

Malware Config

Targets

    • Detect ZGRat V1

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks