General

  • Target

    0e76c6256a49de400077255804df20d9ec8863bd9ee5b7b507993b41a23a8efb

  • Size

    418KB

  • Sample

    240427-e6fjdsbh4x

  • MD5

    9c141c2f45b1fc789e7cf57bfcc33b54

  • SHA1

    9c825af2ba6f41ae44bf27651f03781b26eb0d27

  • SHA256

    0e76c6256a49de400077255804df20d9ec8863bd9ee5b7b507993b41a23a8efb

  • SHA512

    57128983633a93e7ef4f2d1ec667dd10a6789a5dc7d8b8f11e40321730392f6f042045641c21ec3d2bcc6a5c87440197fb238fc2b51fa31b21dc6893fe2184eb

  • SSDEEP

    6144:77moGeb6RptVKAv+9sWfx/eLmt6SAQeVTEu680BXs+tTbAl:77+ebCV9LWfx/zUSKVQushT8l

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.76

Attributes
  • url_path

    /3cd2b41cbde8fc9c.php

Targets

    • Target

      0e76c6256a49de400077255804df20d9ec8863bd9ee5b7b507993b41a23a8efb

    • Size

      418KB

    • MD5

      9c141c2f45b1fc789e7cf57bfcc33b54

    • SHA1

      9c825af2ba6f41ae44bf27651f03781b26eb0d27

    • SHA256

      0e76c6256a49de400077255804df20d9ec8863bd9ee5b7b507993b41a23a8efb

    • SHA512

      57128983633a93e7ef4f2d1ec667dd10a6789a5dc7d8b8f11e40321730392f6f042045641c21ec3d2bcc6a5c87440197fb238fc2b51fa31b21dc6893fe2184eb

    • SSDEEP

      6144:77moGeb6RptVKAv+9sWfx/eLmt6SAQeVTEu680BXs+tTbAl:77+ebCV9LWfx/zUSKVQushT8l

    • Detect ZGRat V1

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks