General
Target: RecteCracked.zip
Size: 1.1MB
MD5: 5ab343dfb3a2262416753da055a99357
SHA1: e018eeff706f76be1e8a3c61157ce1411adae002
SHA256: f2f2f95f6eb9bca26c77df8a9f0a44133992e31087830b44044db54285d7f0b2
SHA512: 2be48a5f5c391fcd74dc0e8e3d40e8330429886494a44b8d4998a9ad77a638ac8d232036c43947b8c3563f424b622c17a09652a73877da56d7834b71b09a79e3
SSDEEP: 24576:33h642s8aequRpFV+zFJ56PPDyofPLG/Jf2dwu1j+ISKylB3dZzT7CX:I4IFVs4bNLG/F2yulEjW
Malware Config
Signatures
- Detect ZGRat V1 1 IoCs
resource yara_rule static1/unpack001/loveyoubaby.exe family_zgrat_v1
Zgrat family
- Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/loveyoubaby.exe
Files
- RecteCracked.zip.zip
Password: 123
- loveyoubaby.exe.exe windows:4 windows x64 arch:x64
Password: 123
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
.text Size: 2.4MB - Virtual size: 2.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 900B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE