zgrat | LadonExp[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

LadonExp.exe
Size

563KB
MD5

974307426c573c6e6ce8fee889fb714e
SHA1

529389be822c788467d8698c7a031fb0a45bfeaa
SHA256

18eb3af908c1f3d258ddbf09210dcce5a8152faeceedcaf44689413c35c8cb5e
SHA512

d53247f6373a11ac0d2e966f1711f32a01ab5206ded7bea2daae10489118afddef5f0c4ac1ab5dfe656ac7f3cce31ae02ba1d4b7bcfc58184a1fa92ede32cdd5
SSDEEP

6144:h7QzB2VEojtNHlGpOk9Tc/ygYg0/J/pf75+Eg2m5w/WhSw/W9:WzwakspPDFbg21+1+9

Score

10^/10

zgrat

Malware Config

Signatures

Detect ZGRat V1 1 IoCs

resource	yara_rule
sample	family_zgrat_v1

Zgrat family
zgrat

Files

LadonExp.exe
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

33:00:00:00:c8:47:22:9d:a3:0d:ca:c0:58:00:00:00:00:00:c8
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-09-2016 17:58

Not After

07-09-2018 17:58

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:98FD-C61E-E641,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:42:bf:a1:04:7d:03:9e:42:ca:00:01:00:00:00:42
Certificate

Issuer

CN=Microsoft Windows Verification PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-07-2016 17:05

Not After

07-01-2017 17:05

Subject

CN=Microsoft Windows,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0a:59:2b:00:00:00:00:00:3b
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

11-02-2016 23:24

Not After

09-05-2021 23:28

Subject

CN=Microsoft Windows Verification PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:3a:6c:fb:77:64:a3:2b:40:95:7c:03:20:89:28:0e:c0:d6:ed:c9
Signer

Actual PE Digest

2f:3a:6c:fb:77:64:a3:2b:40:95:7c:03:20:89:28:0e:c0:d6:ed:c9

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 517KB - Virtual size: 516KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

33:00:00:00:c8:47:22:9d:a3:0d:ca:c0:58:00:00:00:00:00:c8Certificate

Extended Key Usages

33:00:00:00:42:bf:a1:04:7d:03:9e:42:ca:00:01:00:00:00:42Certificate

Extended Key Usages

61:0a:59:2b:00:00:00:00:00:3bCertificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

2f:3a:6c:fb:77:64:a3:2b:40:95:7c:03:20:89:28:0e:c0:d6:ed:c9Signer

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 517KB - Virtual size: 516KB

.rsrc Size: 39KB - Virtual size: 38KB

.reloc Size: 512B - Virtual size: 12B

33:00:00:00:c8:47:22:9d:a3:0d:ca:c0:58:00:00:00:00:00:c8
Certificate

33:00:00:00:42:bf:a1:04:7d:03:9e:42:ca:00:01:00:00:00:42
Certificate

61:0a:59:2b:00:00:00:00:00:3b
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

2f:3a:6c:fb:77:64:a3:2b:40:95:7c:03:20:89:28:0e:c0:d6:ed:c9
Signer

.text
Size: 517KB - Virtual size: 516KB

.rsrc
Size: 39KB - Virtual size: 38KB

.reloc
Size: 512B - Virtual size: 12B