zgrat | payload[.]zip | Triage

Resubmissions

31-10-2023 00:33

231031-awje3sff4x 10

31-10-2023 00:28

231031-asf6jshf49 10

Sharing

General

Target

payload.zip
Size

2.4MB
MD5

c9234731ddddb8d2c6c2b461b5450389
SHA1

7b6091b76e01e3c19d7c0d0545c60f935d71f7ba
SHA256

0b064d5509e3210609dbdff3bc59f84eb5d582aac57f59030dc945b807933cab
SHA512

3d3e0dba7263d3935bd695dbd3e3cf4a300dd1a1b4fff45e1b1cb4de50259f4b9c14f9ff690d93d724798b4757ac7cb3fa4a5baf94fa5bf11afd53a0f3200b3e
SSDEEP

49152:gGYFK8ciI4gVvzV64OLruNEU7e/Ba/ZcCdB3ZV6LxQ9OzJglJ:p0I4OZK4EU7CB6drVeQ4o

Score

10^/10

zgrat

Malware Config

Signatures

Detect ZGRat V1 1 IoCs

resource	yara_rule
static1/unpack001/uwp4098452.bin	family_zgrat_v1

Zgrat family
zgrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/uwp4098452.bin

Files

payload.zip
.zip

Password: infected
uwp4098452.bin
.dll windows:4 windows x86

Password: infected

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 852B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x.ps1