General

  • Target: bdc17d6fb9d21c9bb5bcbf4d9ea8a7a9104d820a2f8745ff517c4580b397e18f

  • Size: 406KB

  • Sample: 240426-fxb1aaac69

  • MD5: 8ed65694a3555b7240eddd1628777d4c

  • SHA1: e3d8a2c210aaa5370c7fa7fa086ac6f5b1150765

  • SHA256: bdc17d6fb9d21c9bb5bcbf4d9ea8a7a9104d820a2f8745ff517c4580b397e18f

  • SHA512: eedce00d4b8e5586519b4a205406ca3c7479a343776581b1438dc5ae2347c4741739daf8568501951d91373125d9f181964a0d9ed1cfa91c6dcfb4ec4e95aca5

  • SSDEEP: 12288:vnCNuxzdlcGaoloHcJu4ysZCRzh8nkIry:vCGdleCCgCRCnkIry

Malware Config

Targets

    • Detect ZGRat V1

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks