General

  • Target

    70f9910410ed944750969706a11fece13b6f175e2aea5e1b9ab2e801d3a22cf2

  • Size

    406KB

  • Sample

    240426-fnttqsab94

  • MD5

    dd20c3dea695e4d2bb20f79f2304ea6a

  • SHA1

    a1206a1b16fe30493dfbf782daa603cdd54be867

  • SHA256

    70f9910410ed944750969706a11fece13b6f175e2aea5e1b9ab2e801d3a22cf2

  • SHA512

    ed2a988829f9a1b644b2b3575e5e12c44e239078651544c1f9de8293426dbf288ae664242545c332e55859a0ddd7c183eb2931078c5c5fe039a845eac6a42817

  • SSDEEP

    12288:vnCNuxzdlcGaoloHcJu4ysZCRzh8nkIr3:vCGdleCCgCRCnkIr3

Targets

    • Detect ZGRat V1

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
