General

  • Target

    2a4463508a9e92e02ab37666bde35053ab8a0f449abdb54efa436274522578a5

  • Size

    412KB

  • Sample

    240425-h4qs5agg6s

  • MD5

    e664e8b15d8f58886c15f2a710c458ea

  • SHA1

    c15bdf45a9d58dcd5d0faac8e80cdcfc8fd8da27

  • SHA256

    2a4463508a9e92e02ab37666bde35053ab8a0f449abdb54efa436274522578a5

  • SHA512

    bd60c4e7c84f0bfa29036336a94491f18e3d458a606a3c4ea2e8d311ff4a0206f0b3854c1ec8a6724b74f799a9983583111cc8fe5c8247e89b9aaafcfc1ca13c

  • SSDEEP

    6144:S3vNF93i2XZW6NlsS8qNSRk73O9B0qppnH9oH6P:MNd5H7+9n7dQ6P

Malware Config

Targets

    • Detect ZGRat V1

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks