zgrat | HJxg[.]zip | Triage

Resubmissions

22/10/2023, 13:01

231022-p9hs2agd9y 10

22/10/2023, 12:58

231022-p7nlhagd81 10

Sharing

Copy URL Twitter E-mail

General

Target

HJxg.zip
Size

3.1MB
MD5

cb7bf25513d9b0f71736827fad600492
SHA1

3b58b47dc9c8fae1f52d3ae57420c2410b7511cc
SHA256

34b1d682ade047bbf15a5b6a9b78d259818aba7f8b71355724b4e6615bb7d4ee
SHA512

e959a429022585d4ad3d629b3e7ebaa37c37dc94133ca4db42cf0d9acf5934db77101fa6d4610e3b4aa80ff53456d24d1d47402c951daa630704e7ab7b8ff883
SSDEEP

98304:QotBpyvDI4ckEckLZZJDf26WM+DrTgXDP5erQzguvA2j:Qu4ckEccJLTWXDrTgTP5erDK

Score

10^/10

zgrat

Malware Config

Signatures

Detect ZGRat V1 1 IoCs

resource	yara_rule
static1/unpack001/shit.binary	family_zgrat_v1

Zgrat family
zgrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/shit.binary

Files

HJxg.zip
.zip
shit.binary
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ