General

  • Target

    96b085b3f6ee7441236cee54161309d0

  • Size

    405KB

  • Sample

    240426-kbm8mscf85

  • MD5

    96b085b3f6ee7441236cee54161309d0

  • SHA1

    88cf7eaf5db9a625a4fd922afe4c851abdd86b0b

  • SHA256

    132d0526eda9bdadbb2b402d44738d4fc91255556325b6a1991e053d1710fcce

  • SHA512

    23950cddb7d72685c12102438f1f38668a9206a4f5e3a0273558f4b7a2260183144e5f504d30d0659971b578a68de25b500b210217c17523b903d581f5085067

  • SSDEEP

    12288:hOatvTLg/5HI+WnM93ss5WAlYjGJqMh8nbwr5:hjM5HsnMNmtSchnbwr5

Malware Config

Targets

    • Detect ZGRat V1

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks