General

  • Target

    c1c1c731837678aaa5c168a11f6fb5f103eca47ee137198977e46aca08ae6d46

  • Size

    406KB

  • Sample

    240426-fn3fwaac2t

  • MD5

    d68424b627763ea5a05c682424d60b82

  • SHA1

    8647dab8df5cd9c4be3147e5d0e0db217ffb60ee

  • SHA256

    c1c1c731837678aaa5c168a11f6fb5f103eca47ee137198977e46aca08ae6d46

  • SHA512

    cea084a17c5d277998618c01fd3bc8ca61ff34180f0d262d56e620c0d42237991cab066a8ab9b53f6440af1e077717f52f89b5136b64928cc6a2bc934300c3af

  • SSDEEP

    12288:vnCNuxzdlcGaoloHcJu4ysZCRzh8nkIrw:vCGdleCCgCRCnkIrw

Malware Config

Targets

    • Detect ZGRat V1

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks