zgrat | 3cffc21b5a0090e2b609f4e549a8fcc44685838ff09e49f8b26c8a564a00bd34 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3cffc21b5a0090e2b609f4e549a8fcc44685838ff09e49f8b26c8a564a00bd34
Size

308KB
MD5

d62bb872dca10aa0d0655be05622e810
SHA1

3113d8bdd270a864777eb0c93a9401f21a685ed5
SHA256

3cffc21b5a0090e2b609f4e549a8fcc44685838ff09e49f8b26c8a564a00bd34
SHA512

91698431aadb87d9f682932c72f8cabe4bb383eceda7e4b72f588c94ad01db366ae4983d33e360b9b38b917c4b058b775c47e0c1e1e7073238ffaebab0470d7c
SSDEEP

6144:4MwiqiqylTPAlAhnELuawRrmdlIYu3SDKNr:7wiqiqyhPAlAYwhQu/iDK

Score

10^/10

zgrat agenttesla

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.sturmsgroup.com
Port:
587
Username:
[email protected]
Password:
VnQCqcdkmL3fYlk(
Email To:
[email protected]

Signatures

Agenttesla family
agenttesla

Detect ZGRat V1 1 IoCs

resource	yara_rule
sample	family_zgrat_v1

Zgrat family
zgrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3cffc21b5a0090e2b609f4e549a8fcc44685838ff09e49f8b26c8a564a00bd34

Files

3cffc21b5a0090e2b609f4e549a8fcc44685838ff09e49f8b26c8a564a00bd34
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 305KB - Virtual size: 305KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ