General

  • Target

    0b13c8929f88d8e7190efb1d2ad9b0f3c8d4dd7cd983a9345ce96f6a1a13a3f0

  • Size

    418KB

  • Sample

    240427-e7p48abb29

  • MD5

    ddaa6240a71a2a65f56e7bd5bfa9a18d

  • SHA1

    1e90028aeee056dc079dac213bba080ca774edf2

  • SHA256

    0b13c8929f88d8e7190efb1d2ad9b0f3c8d4dd7cd983a9345ce96f6a1a13a3f0

  • SHA512

    106b593a22668e6c745a4eeb18571a34eebef637aa956fd9d65033976b23fb6c2d079ff6a5915455fc09dc6cd3fd312ec79faf672f0fc49de4ff6e880f651ffc

  • SSDEEP

    6144:77moGeb6RptVKAv+9sWfx/eLmt6SAQeVTEu680BXs+tTbAq:77+ebCV9LWfx/zUSKVQushT8q

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.76

Attributes
  • url_path

    /3cd2b41cbde8fc9c.php

Targets

    • Detect ZGRat V1

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks