Behavioral task
behavioral1
Sample
af7b1b85eb27c4265510407e7c20e825fe25da44179e4e98dfa179db50a4e3ed.exe
Resource
win7-20231129-en
General
-
Target
af7b1b85eb27c4265510407e7c20e825fe25da44179e4e98dfa179db50a4e3ed
-
Size
467KB
-
MD5
604536863bc0e936d4311b088f4e0bd0
-
SHA1
4ce0a11eceab65fcb701c72c328bf77a3374fe8d
-
SHA256
af7b1b85eb27c4265510407e7c20e825fe25da44179e4e98dfa179db50a4e3ed
-
SHA512
6959b9f44c0f74ee3da631986c874253f19d169a8629320e373268869e7a75d213c30c4b874fd15747f2e15fbf6d34961a85f0fff348789709d4df5471957b65
-
SSDEEP
6144:xQrMgcLXEr8XWBjiVcKRv+JpMtuYgza3PQNx7e6QY9YoM02nwHypVf3qho8ICNcZ:S4DXEr8X8MbYpsu37p9e2M6howNkFB
Malware Config
Signatures
-
Detect ZGRat V1 1 IoCs
Processes:
resource yara_rule sample family_zgrat_v1 -
Zgrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource af7b1b85eb27c4265510407e7c20e825fe25da44179e4e98dfa179db50a4e3ed
Files
-
af7b1b85eb27c4265510407e7c20e825fe25da44179e4e98dfa179db50a4e3ed.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 465KB - Virtual size: 465KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 578B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ