General

  • Target

    cc9683dd62a0b9255a43b8c92e719fb85e29fb5c03c99124292beb426d2b0944

  • Size

    405KB

  • Sample

    240426-jzsycscd49

  • MD5

    e46032c4823fc0d1e9cb05331f25bbbf

  • SHA1

    c9f5fc908981d231bd4d11170a195fea8a7d3cd6

  • SHA256

    cc9683dd62a0b9255a43b8c92e719fb85e29fb5c03c99124292beb426d2b0944

  • SHA512

    2972b6fae903712622e0dd065bbe4e4e1f240ef642f3ca5ef7300708c1fddc805ae8700def68367eb85b82e0d801ceea9d5ce96b5ce8cfd032d6a81e00796b66

  • SSDEEP

    12288:hOatvTLg/5HI+WnM93ss5WAlYjGJqMh8nbwr9:hjM5HsnMNmtSchnbwr9

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.76

Attributes
  • url_path

    /3cd2b41cbde8fc9c.php

Targets

    • Target

      cc9683dd62a0b9255a43b8c92e719fb85e29fb5c03c99124292beb426d2b0944

    • Detect ZGRat V1

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks