Behavioral task
behavioral1
Sample
3e919e8f2497d8d0e45c1034090e736f3f4b70252ecf769f221e46525925e668.exe
Resource
win7-20231215-en
General
Target
3e919e8f2497d8d0e45c1034090e736f3f4b70252ecf769f221e46525925e668
Size
3.8MB
MD5
abca987c031d8a9227e1a8150e4c14b1
SHA1
fb163c5fb4fb9197e96976dd3ec5fdc01226e790
SHA256
3e919e8f2497d8d0e45c1034090e736f3f4b70252ecf769f221e46525925e668
SHA512
55d502e0452a94a870338d744e94773a483b1309087e4a730d75fb9724f044ac43d3d02085d4e1abcc861ca89af68a8d4e5aa81add800b6f4e1a3b46abf7565f
SSDEEP
24576:hjczIGMPXrXke+ZiN2d88EmWw2V3muDNiEwTcFu7sb55fTCL75ly1Ro/9/:tc3MPXrXUDddEmUXiT4b5FTE5I1Ro/
Malware Config
Signatures
Detect ZGRat V1 1 IoCs
resource yara_rule sample family_zgrat_v1 -
Zgrat family
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 3e919e8f2497d8d0e45c1034090e736f3f4b70252ecf769f221e46525925e668
Files
3e919e8f2497d8d0e45c1034090e736f3f4b70252ecf769f221e46525925e668.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 1.9MB - Virtual size: 1.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 880B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ