zgrat | 2088-20-0x00000000003B0000-0x0000000000404000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2088-20-0x00000000003B0000-0x0000000000404000-memory.dmp
Size

336KB
MD5

7d7dc7bd728f8570ce470340b3764359
SHA1

f420266bed9f684d0a95f03b77c20b556a78f438
SHA256

9e53895affbf1b0140e57495b67a12bc5d820a44d80fbcbe110398b9f6442bf8
SHA512

ff2aa2dd8134b2cc098213c6ef56dc924196417667b055a3c91221db054052b1ca791e64bd29b79fa372740af9ec5c5f7f0c1b541d79db3c723130f1cfb7f12b
SSDEEP

3072:fMmYbCWC9JZsV3PRndaoesJ4aYpmJleFwlwKOh7SZkUHwEUeK:NYbCWC9JZy9dao/3Mel8hYAEk

Score

10^/10

zgrat agenttesla

Malware Config

Signatures

Agenttesla family
agenttesla

Detect ZGRat V1 1 IoCs

resource	yara_rule
sample	family_zgrat_v1

Zgrat family
zgrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2088-20-0x00000000003B0000-0x0000000000404000-memory.dmp

Files

2088-20-0x00000000003B0000-0x0000000000404000-memory.dmp
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

_.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 312KB - Virtual size: 311KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 644B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ