_.pdb
Behavioral task
behavioral1
Sample
baa29205d9f8259a5d162525eb998725761531e495753022840891bcf9bf0600.dll
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
baa29205d9f8259a5d162525eb998725761531e495753022840891bcf9bf0600.dll
Resource
win10v2004-20240412-en
General
-
Target
baa29205d9f8259a5d162525eb998725761531e495753022840891bcf9bf0600
-
Size
311KB
-
MD5
b66caf96adebe138c09cbbc7b5ffc9ee
-
SHA1
d964ff9715571dbeb7fa7d959218b91665e91a3a
-
SHA256
baa29205d9f8259a5d162525eb998725761531e495753022840891bcf9bf0600
-
SHA512
75712f27d424f5682785abb0f884dcc0487053b1b234a05b9b87626ac48041a07382c7d8f387d6b276c3aecaa192149706fcea5216759ce3c1dd07d3bf7d1aac
-
SSDEEP
3072:9bX73R1Xz/ro4r+jO722x1ey6DhHW/iYl1NS4wJg5J5nNff:dX73R1Xz/3rZ72wQNVHWaYlnSODj
Malware Config
Signatures
-
Agenttesla family
-
Detect ZGRat V1 1 IoCs
Processes:
resource yara_rule sample family_zgrat_v1 -
Zgrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource baa29205d9f8259a5d162525eb998725761531e495753022840891bcf9bf0600
Files
-
baa29205d9f8259a5d162525eb998725761531e495753022840891bcf9bf0600.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
mscoree
_CorDllMain
Sections
.text Size: 309KB - Virtual size: 309KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 644B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ