240219-dsgc4aha8w_pw_infected[.]zip | Triage

Sharing

General

Target

240219-dsgc4aha8w_pw_infected.zip
Size

9.6MB
MD5

94383650d3f84765d1bb592fc4fe43f4
SHA1

eb53c3e4b66ff46b253ad04d02d367dcdd5445df
SHA256

3339684c5ea9d82228af499585907e9eab5a99ecaf9fda63518fa112ba394527
SHA512

75525736a528a2e733873e74fb9330bc72084162bfdc5db79bc4f5d80b6d00ee629163f2bcd4219d79a6eaf1560e7df79f0c56593fff74ffb6fb7354e3a17881
SSDEEP

196608:4TCgVjt/t+zdHIrBlaKfZcPxhe7EBCMjocOxtlO+QLAdc:6VjNYz8tm5C8kxL36

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

unpack001/WZAgent.exe

Files

240219-dsgc4aha8w_pw_infected.zip
.zip

Password: infected
240219-dsgc4aha8w-behavioral2.pcap
240219-dsgc4aha8w-behavioral2.pcapng
WZAgent.exe
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

WZAgent.pdb

Sections

.text
Size: 9.3MB - Virtual size: 9.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ