General

  • Target

    fccd4ad22a225e2bae0cab5bd02c3587bd3a1c900ae34d7f0e4aea7280fda20b

  • Size

    451KB

  • Sample

    240428-nfec3sef7w

  • MD5

    fad3fa41f288a2744bb4484ca102ce37

  • SHA1

    ce2927b6d96382310a30a5375ac5091700b05454

  • SHA256

    fccd4ad22a225e2bae0cab5bd02c3587bd3a1c900ae34d7f0e4aea7280fda20b

  • SHA512

    d6a258ad64bd33a77ea5c2a72e9e0c3a715a55a71b43e3a6973490b32fa9bff5666fcf190c98d24047c5b35ec01c3029b1d1b92de4f0de427fb4e324abf72279

  • SSDEEP

    12288:rBwwS3fz8A9Hmzef9HrPQyczMNoFnc1NB:rKHmzM9HroEoFnc1NB

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.62

Attributes
  • url_path

    /902e53a07830e030.php

Targets

    • Target

      fccd4ad22a225e2bae0cab5bd02c3587bd3a1c900ae34d7f0e4aea7280fda20b


    • Detect ZGRat V1

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v13)

  • Discovery

    Query Registry (T1012): 4
    System Information Discovery (T1082): 4
    Peripheral Device Discovery (T1120): 1

Tasks