Overview

overview

10

Static

static

3

tmp.exe

windows7-x64

10

tmp.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    tmp

  • Size

    416KB

  • Sample

    240425-g8jpyage43

  • MD5

    573a3818acc8f52c5bc921c0756a97df

  • SHA1

    e0180b29de0a5197c3926fe9320f47b5e53730f2

  • SHA256

    6497f2bddd86057a9d1b6d972a38f6a2f4d344f3ddbf4bc173e16615746a991f

  • SHA512

    4113e9818ad72487d15964858e88824ec70998e30bd924a82ec10cf0e530344b73fab84fe8d75f05b10040ca17449acb7a69b4167cd6732002183cd6e0915f69

  • SSDEEP

    12288:BFc5MyBQNGCCIYu7GJ9QICQfEHVmJspal:BOdWNYIx7W90uEal

Score
10/10
sectopratstealczgratratstealertrojan

Malware Config

Targets

    • Target

      tmp

    • Size

      416KB

    • MD5

      573a3818acc8f52c5bc921c0756a97df

    • SHA1

      e0180b29de0a5197c3926fe9320f47b5e53730f2

    • SHA256

      6497f2bddd86057a9d1b6d972a38f6a2f4d344f3ddbf4bc173e16615746a991f

    • SHA512

      4113e9818ad72487d15964858e88824ec70998e30bd924a82ec10cf0e530344b73fab84fe8d75f05b10040ca17449acb7a69b4167cd6732002183cd6e0915f69

    • SSDEEP

      12288:BFc5MyBQNGCCIYu7GJ9QICQfEHVmJspal:BOdWNYIx7W90uEal

    Score
    10/10
    sectopratstealczgratratstealertrojan

    • Detect ZGRat V1

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

      trojanratsectoprat

    • SectopRAT payload

    • Stealc

      Stealc is an infostealer written in C++.

      stealerstealc

    • ZGRat

      ZGRat is remote access trojan written in C#.

      ratzgrat

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks