sectoprat

General

Target

d031552188e9d2038cee0b57ebfa15fdcf5d35e38c90b468c71ae4b771ef9ada
Size

451KB
Sample

240428-ncy83sed68
MD5

acd99f789f4d06c0b60e8caa647c6c62
SHA1

dfa1ac92c7c460ed19043fdb125580a39b40819d
SHA256

d031552188e9d2038cee0b57ebfa15fdcf5d35e38c90b468c71ae4b771ef9ada
SHA512

5b3fe2e10c69da31057770bc7a9f0b9f12234e3b8a9b16a2444c991b7a119939e2392ae742418a5793163ead24d47bf412b5b5e2fd837dca67e62df11f066d16
SSDEEP

12288:rBwwS3fz8A9Hmzef9HrPQyczMNoFnc1NG:rKHmzM9HroEoFnc1NG

Score

10^/10

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.62

Attributes

url_path
/902e53a07830e030.php

Targets

- Target
  
  d031552188e9d2038cee0b57ebfa15fdcf5d35e38c90b468c71ae4b771ef9ada
- Size
  
  451KB
- MD5
  
  acd99f789f4d06c0b60e8caa647c6c62
- SHA1
  
  dfa1ac92c7c460ed19043fdb125580a39b40819d
- SHA256
  
  d031552188e9d2038cee0b57ebfa15fdcf5d35e38c90b468c71ae4b771ef9ada
- SHA512
  
  5b3fe2e10c69da31057770bc7a9f0b9f12234e3b8a9b16a2444c991b7a119939e2392ae742418a5793163ead24d47bf412b5b5e2fd837dca67e62df11f066d16
- SSDEEP
  
  12288:rBwwS3fz8A9Hmzef9HrPQyczMNoFnc1NG:rKHmzM9HroEoFnc1NG
Score

10^/10

sectoprat stealc zgrat discovery rat stealer trojan
- Detect ZGRat V1
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

4

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect ZGRat V1

SectopRAT payload

Stealc

ZGRat

Downloads MZ/PE file

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2