General

  • Target

    85e8a84ac43b9bb1bc606e46023d989671bda51ced805c07ab8cccf8d45dc7bf

  • Size

    386KB

  • Sample

    240427-pf76tsah7y

  • MD5

    c6434ad7991f41c5a48eb1498f881687

  • SHA1

    90c3c0f2ab4a46a9d6e15a7de4c4380f3e4d6906

  • SHA256

    85e8a84ac43b9bb1bc606e46023d989671bda51ced805c07ab8cccf8d45dc7bf

  • SHA512

    b156c334d25d9159fa033a3f635275911451753008a4ea66986f13737709f3250a15d14c18e1ab95e84b680cabf763002643db8aa6808ce55a9e84b23477e6ba

  • SSDEEP

    6144:USzVvkBage3IgFEbPijF94P0JK4oivly+5Nicq8mDLKQH8q8am6mWP:DZnFEbqBrK7T6ic237XP

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.76

Attributes
  • url_path

    /3cd2b41cbde8fc9c.php

Targets

    • Detect ZGRat V1

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Discovery

  • Query Registry (T1012): 4

  • System Information Discovery (T1082): 4

  • Peripheral Device Discovery (T1120): 1

Tasks