zebrocy | 41c059f4dfaa143cc75df07f38f50d7d6ac0c6416d3e21aac2e530683c037fdf | Triage

Sharing

General

Target

41c059f4dfaa143cc75df07f38f50d7d6ac0c6416d3e21aac2e530683c037fdf
Size

4.7MB
MD5

d2654d7085cfa021953f9a42c8057bba
SHA1

e86ad4024e568938ca94454f00d04a9303f5f7af
SHA256

41c059f4dfaa143cc75df07f38f50d7d6ac0c6416d3e21aac2e530683c037fdf
SHA512

2767f4ab916d58a0700d1df4933f6b8edb7d6e54ec9920a6b228ae1c130563942dbf4828e7ca9066fa71f1f195047a3b78a38e63ef67a0d8232f1599d4f00ea3
SSDEEP

98304:uvPbS1fekFplWVo9BvKg8MU9d0IK418OHcX:uvO1jUVB0IK4u

Score

10^/10

zebrocy

Malware Config

Extracted

Family

zebrocy

C2

Windows XP Professional x64 Edition

Signatures

Zebrocy Go Variant 1 IoCs

resource	yara_rule
sample	Zebrocy

Zebrocy family
zebrocy

Files

41c059f4dfaa143cc75df07f38f50d7d6ac0c6416d3e21aac2e530683c037fdf
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 191KB - Virtual size: 275KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 902B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ