General

  • Target

    d638060a4d128d39dc41e6e9c49ae407433d69f56114b616e950449a0fa551e2

  • Size

    416KB

  • Sample

    240425-fl8j4sfh6y

  • MD5

    b711b9e924a2afa92a03b9430125a77a

  • SHA1

    8d15b6fba8a69567d7c8b81ef64550683f7748ed

  • SHA256

    d638060a4d128d39dc41e6e9c49ae407433d69f56114b616e950449a0fa551e2

  • SHA512

    e3e118a5b476f4bc413bb19af7b59b2426aed2b07a9b934f81a0d5043c03eee452acd5b30ee66d4b55d536be4760a7b6e1f42a75003f78ce7ca799c4018fb9a2

  • SSDEEP

    12288:BFc5MyBQNGCCIYu7GJ9QICQfEHVmJspaq:BOdWNYIx7W90uEaq

Malware Config

Targets

    • Detect ZGRat V1

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks