888gtag[.]zip | Triage

Sharing

General

Target

888gtag.zip
Size

147KB
MD5

0d2246b293a8bb4a4e65b96a2338b8c4
SHA1

4e4a2575fded221d78da416e32055902f808d14c
SHA256

a29fca5d39ac65745741236a20b1860df18db50c55c24ee2c1f168e0a5284329
SHA512

40e7be1c69d26e4332e4c417779bb15efc290e0671882c59870ae01ae5b9031ca48c0c9f7f8419f4d66133677b784f2534c2bd8cf5366721cb990f8627d18e8a
SSDEEP

3072:UnFa9u1lZoX6Cy49kLsw9BeBuU2rfnGGrlzvO8Ul/lV/1tks:r9aBW9kLlBeBGGGJzm8Ul/lxn

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/888gtag/888GorillaTag.exe
unpack001/888gtag/888GtagV2.exe

Files

888gtag.zip
.zip

Password: difjdifdjidfjdif@#!11
888gtag/888GorillaTag.exe
.exe windows:4 windows x64 arch:x64

Password: difjdifdjidfjdif@#!11

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
888gtag/888GtagV2.exe
.exe windows:4 windows x64 arch:x64

Password: difjdifdjidfjdif@#!11

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
888gtag/888gtag.zip