zgrat | BridgeWin[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

BridgeWin.exe
Size

3.3MB
MD5

08efce1648b0191ab668a92693f404d2
SHA1

8e0e2293ac8a05c4ead1db9f35131814af0f0838
SHA256

4a9ccd37881052fa211713f88560e534684dc38bf54869b89e044f1606924191
SHA512

86a7f9f8dd555408de32ebbc43825da2d01bdf1504d0ccd7d087195586f0276726444c11b1e6cc5c4c2bb7aaf3e7ec1ccd885ded7168b2f800c42aa012169186
SSDEEP

49152:gCz5hm/qbhLLVAaM0+aSp0a+utgmvaIQLk7vsFMT2QbZCsL5A+rTpeZic:gCz5hvLqa3fSp0a+u6mt6cZnFDeE

Score

10^/10

zgrat

Malware Config

Signatures

Detect ZGRat V1 1 IoCs

resource	yara_rule
sample	family_zgrat_v1

Zgrat family
zgrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
BridgeWin.exe

Files

BridgeWin.exe
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ