General

  • Target

    c9bf4328f21d5a202057141dcfab6818ef878c8a8481b717bf03f61754d9fee3

  • Size

    405KB

  • Sample

    240426-jv77gscc58

  • MD5

    f6a243ebb1ab08e7471211b9a365f606

  • SHA1

    0a14d9d01ce8c4e783ef0ded33385a7278a7a74e

  • SHA256

    c9bf4328f21d5a202057141dcfab6818ef878c8a8481b717bf03f61754d9fee3

  • SHA512

    10e5237b148d39390cb92b1e6da9b72cdae2f5dbd27e182a056f02ac1ddfeb5faf670c7a6f35107c795ebf904fc944662adc4953dc5438934ec30ad1374b8276

  • SSDEEP

    12288:hOatvTLg/5HI+WnM93ss5WAlYjGJqMh8nbwr/:hjM5HsnMNmtSchnbwr/

Malware Config

Targets

    • Detect ZGRat V1

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks