General

  • Target

    b5cce2357dcac650b6551dc01a7c7f77f566843e49b134680fe30570bac2a8d5

  • Size

    416KB

  • Sample

    240425-ffl4xsfg51

  • MD5

    af7be782fc154051c153e88fb3c9fb76

  • SHA1

    d539a70511a1cf0117a198c148f8b467e013397a

  • SHA256

    b5cce2357dcac650b6551dc01a7c7f77f566843e49b134680fe30570bac2a8d5

  • SHA512

    e3fa8adbe9aa41245143900cc0306b25396cfa01aef9b5ad51d4ab5a786a99307a57ed2eb6a1b51ad6143f6471a338dc34c434a2e1e230bd4b6a8c375af8fbe7

  • SSDEEP

    12288:BFc5MyBQNGCCIYu7GJ9QICQfEHVmJspav:BOdWNYIx7W90uEav

Targets

    • Detect ZGRat V1

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15