General

  • Target

    fe7cde83865e3066410200f855f53387ee7937808830c28557eb2d4ada57955c

  • Size

    412KB

  • Sample

    240425-h3xkaagg5s

  • MD5

    e6a6f54fb83bc88e318198fa49a8daac

  • SHA1

    9b147bc470f2fcecc4eb1bb87ee98c83e065327b

  • SHA256

    fe7cde83865e3066410200f855f53387ee7937808830c28557eb2d4ada57955c

  • SHA512

    6966d1f6f09b9be1b47f6fb1ef1cd74128881448ec96f065ac47c074c103c3277f982aa865e51c3b0cb96a385f1f83c9b1c739e40aac3d79582370edfdce22f2

  • SSDEEP

    6144:S3vNF93i2XZW6NlsS8qNSRk73O9B0qppnH9oH6I:MNd5H7+9n7dQ6I

Malware Config

Targets

    • Detect ZGRat V1

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks