Behavioral task: behavioral1
Sample: 7afa24a3edf48c1c197a4ae6cee545ab45484b87fb85f50c60733569e446c864.exe
Resource: win7-20240221-en
General
Target: 7afa24a3edf48c1c197a4ae6cee545ab45484b87fb85f50c60733569e446c864
Size: 309KB
MD5: d3996edc65b573d8716e7dc48c1c86e4
SHA1: ac74cb1d6f17f871717d26722e0f537f573671b7
SHA256: 7afa24a3edf48c1c197a4ae6cee545ab45484b87fb85f50c60733569e446c864
SHA512: d40ebb961fca9d6bc89d1cb99e09965fd45cda64dcd86ddc7cf3687e3296aea7a615f5b28f0f9806278dfd6b61a3a6fedd725cd52b3eea1ad7780370e593eeb5
SSDEEP: 6144:zrxpRpGOAhChnS967FlG/EmUsa2QlZXIsx:zrxpRpGOAhCeS9Dx
Malware Config
Extracted
Family: agenttesla
Protocol: smtp
Host: mail.uniform.gr
Port: 587
Username: account@uniform.gr
Password: k!+]7rf9nW!S20
Email To: united@uniform.gr
Signatures
Agenttesla family
Detect ZGRat V1 (1 IoC)
Processes:
resource: sample
yara_rule: family_zgrat_v1
Zgrat family
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
Processes:
resource: 7afa24a3edf48c1c197a4ae6cee545ab45484b87fb85f50c60733569e446c864
Files
7afa24a3edf48c1c197a4ae6cee545ab45484b87fb85f50c60733569e446c864.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 306KB - Virtual size: 306KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ