General

  • Target

    7af139fb85fc967d6697b920bef5f45d12b79ff0f18e7f7a516b96ef1bbdc503

  • Size

    394KB

  • Sample

    240427-fyjfracf6z

  • MD5

    3649216b2d6ea1db856be9511ba5f777

  • SHA1

    331e04836bebf0360d905c0f3198c3c7353fc0c2

  • SHA256

    7af139fb85fc967d6697b920bef5f45d12b79ff0f18e7f7a516b96ef1bbdc503

  • SHA512

    bbd4714e0f6abf79e1a472b63acb66037e19c5b8ee0b39497af9de1a6b39369be654f3ad4cbb1b1cf2f88f50227e8fa2848d399c5cf0d3209993555da13f3940

  • SSDEEP

    6144:fsJVip+l5fK53hCfPr+ICF1ggQyGiezkMza4:fszip+7K52P/+tQdq4

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.76

Attributes

  • url_path

    /3cd2b41cbde8fc9c.php

Targets

    • Target

      7af139fb85fc967d6697b920bef5f45d12b79ff0f18e7f7a516b96ef1bbdc503

    • Size

      394KB

    • MD5

      3649216b2d6ea1db856be9511ba5f777

    • SHA1

      331e04836bebf0360d905c0f3198c3c7353fc0c2

    • SHA256

      7af139fb85fc967d6697b920bef5f45d12b79ff0f18e7f7a516b96ef1bbdc503

    • SHA512

      bbd4714e0f6abf79e1a472b63acb66037e19c5b8ee0b39497af9de1a6b39369be654f3ad4cbb1b1cf2f88f50227e8fa2848d399c5cf0d3209993555da13f3940

    • SSDEEP

      6144:fsJVip+l5fK53hCfPr+ICF1ggQyGiezkMza4:fszip+7K52P/+tQdq4

    • Detect ZGRat V1

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks