zgrat | 49d0dff334b9905fc019d7e1f5538a30973ebb89501094ab6bb286139ef7992d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

49d0dff334b9905fc019d7e1f5538a30973ebb89501094ab6bb286139ef7992d
Size

307KB
MD5

3fa17f286b82561d7733eb15f464407a
SHA1

324e0e6b2ee86f777babf86c12a84934109690ab
SHA256

49d0dff334b9905fc019d7e1f5538a30973ebb89501094ab6bb286139ef7992d
SHA512

03bbc77cae35ea87618dd1d8f067e51c0bcf5fc612ce09a52e23bcbe40e9e444439253a90fa7a7fe4892e1776727915fcbea37eedead7625e4e56331d840e841
SSDEEP

3072:kjBRhJ5hj2zAtHcnufNmv3KM4bUUzDIIAfQrb4xFeqlZ4ejNHKBe91BSxO:kFRhJ5hyzAtHcnebUUQfqqlOeZqW2x

Score

10^/10

zgrat agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
vololiberotrentino.us
Port:
587
Username:
[email protected]
Password:
nrS2iVFluOE6
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Detect ZGRat V1 1 IoCs

resource	yara_rule
sample	family_zgrat_v1

Zgrat family
zgrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
49d0dff334b9905fc019d7e1f5538a30973ebb89501094ab6bb286139ef7992d

Files

49d0dff334b9905fc019d7e1f5538a30973ebb89501094ab6bb286139ef7992d
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 304KB - Virtual size: 304KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ