alienwithin / Zepto-Ransomware-DocDump Public

Notifications You must be signed in to change notification settings
Fork 6
Star 3

This is a dump of the sample shared by John Troony

3 stars 6 forks Branches Tags Activity

Notifications

Name		Name	Last commit message	Last commit date
Latest commit History 5 Commits
macros		macros
original_file		original_file
streams		streams
README.md		README.md
Simple_Dump.txt		Simple_Dump.txt
manifest		manifest
unknown_sectors_0.dat		unknown_sectors_0.dat

Repository files navigation

Zepto Ransomware Document Dump

This is a dump of the sample shared by John Troony i.e. the .docm file sent via email to victims. It is a downloader for the actual ransomware

https://github.com/JohnTroony/Zepto-sample

The VT submission can be found here: https://www.virustotal.com/en/file/8aabb3e77b4d3a75a6cc1c7a5ef7c2d9fc7231ef0d890a2c14c8adf13d3ccca4/analysis/

The dump includes the following :

Streams
Macros
Unknown Sectors (sectors that are not represented in the FAT)
FAT values that point to sectors that do not exist.
FAT structure
Expected file size based on the number of FAT sectors and sector size

About

This is a dump of the sample shared by John Troony

Report repository

Releases

No releases published

Packages

No packages published

Languages

Visual Basic .NET 100.0%