General

  • Target

    60221f0af44c01f7425fbfc631667f7ebdc3bf6ce4f3fbdea239706d9d26e1a8

  • Size

    405KB

  • Sample

    240426-j2tbxacd4z

  • MD5

    6a518e457ce2170480d1b42bbaa89244

  • SHA1

    835ecd6de02f358c071cfa196db207498be0d4af

  • SHA256

    60221f0af44c01f7425fbfc631667f7ebdc3bf6ce4f3fbdea239706d9d26e1a8

  • SHA512

    b293684a1a7cdf80f095feab22fb9a7818430ee8da56bb0655ba38c1fac884cf198f654aa6e93cffeda92d1a6a51dfa26efa0aa9b1d1215ffb011c728c6c8042

  • SSDEEP

    12288:hOatvTLg/5HI+WnM93ss5WAlYjGJqMh8nbwr6:hjM5HsnMNmtSchnbwr6

Malware Config

Targets

    • Target

      60221f0af44c01f7425fbfc631667f7ebdc3bf6ce4f3fbdea239706d9d26e1a8

    • Size

      405KB

    • MD5

      6a518e457ce2170480d1b42bbaa89244

    • SHA1

      835ecd6de02f358c071cfa196db207498be0d4af

    • SHA256

      60221f0af44c01f7425fbfc631667f7ebdc3bf6ce4f3fbdea239706d9d26e1a8

    • SHA512

      b293684a1a7cdf80f095feab22fb9a7818430ee8da56bb0655ba38c1fac884cf198f654aa6e93cffeda92d1a6a51dfa26efa0aa9b1d1215ffb011c728c6c8042

    • SSDEEP

      12288:hOatvTLg/5HI+WnM93ss5WAlYjGJqMh8nbwr6:hjM5HsnMNmtSchnbwr6

    • Detect ZGRat V1

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks