General
Target: 231012-jh96bagf62_pw_infected.zip
Size: 35KB
MD5: 17955c29609ffc8e49d8dc28c8d6a7bc
SHA1: 784bd00f9c527ec54c0728e5b4201919eb4e0652
SHA256: 98e81acaa8fdb47c1444a9944c4e5609a4aba2a99ee99a31cbd6d6ffb4fb2530
SHA512: 6304abd81976d8118bda81cff4db6b94aab13b3d2ff02e6be6e213c20f7ce7d4120b6b6266cfde4bab5833ac9b39d746516f464b66e27a718d06bbd47d668262
SSDEEP: 768:ksZoWNt4PAjgnxjNKNt+a8S29Pz4q0XNJXDCBneyk4Tz5uU:k+wmg/KNtgPJzeXbDCvpzwU
Malware Config
Signatures
Detect ZGRat V1 (1 IoC)
  resource: yara_rule static1/unpack001/bd40a562a877def50e55dca26cde9317a5090fb4fc4294ca76558a5a2cbc8bc2 family_zgrat_v1
Zgrat family
Unsigned PE (1 IoC)
  Checks for missing Authenticode signature.
  resource: unpack001/bd40a562a877def50e55dca26cde9317a5090fb4fc4294ca76558a5a2cbc8bc2
Files
231012-jh96bagf62_pw_infected.zip.zip
  Password: infected
bd40a562a877def50e55dca26cde9317a5090fb4fc4294ca76558a5a2cbc8bc2.exe (windows:4, windows x86, arch:x86)
  Password: infected
  f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
  _CorExeMain
Sections
.text (Size: 66KB, Virtual size: 66KB)
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
.rsrc (Size: 3KB, Virtual size: 2KB)
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
.reloc (Size: 512B, Virtual size: 12B)
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_DISCARDABLE
  IMAGE_SCN_MEM_READ