Behavioral task: behavioral1
Sample: 767af1c6975f5efa1ed14cc6c8786173f4c2f7b7f340fc44d38e5ad04a0c3989.exe
Resource: win7-20240221-en
General
Target: 767af1c6975f5efa1ed14cc6c8786173f4c2f7b7f340fc44d38e5ad04a0c3989
Size: 12.5MB
MD5: f30aee8e8cfea3e18118b26f15a49828
SHA1: d370fe03843e5822c91cb849b09d3f0378e9b4da
SHA256: 767af1c6975f5efa1ed14cc6c8786173f4c2f7b7f340fc44d38e5ad04a0c3989
SHA512: d9897dea701e7d48088aef6b2984688b9557b4730aab81301bc6d7de5c6ee6372eef97eac2ca49020845160dc68f747b711583e3c612e3be5ec58c983efe1474
SSDEEP: 196608:SOEizcf5W+ut0/w0YNXvM8xd4rm/YS0YEDkloaxLe5f9:Vjcf5MkwXNXvM8xd7YGroaxL
Malware Config
Signatures
Detect ZGRat V1 (1 IoCs)
resource: sample - yara_rule: family_zgrat_v1
Zgrat family
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource: 767af1c6975f5efa1ed14cc6c8786173f4c2f7b7f340fc44d38e5ad04a0c3989
Files
767af1c6975f5efa1ed14cc6c8786173f4c2f7b7f340fc44d38e5ad04a0c3989.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 12.4MB - Virtual size: 12.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 75KB - Virtual size: 75KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ