zgrat | f142bf442ea7eaea8c824528ed13954a[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

f142bf442ea7eaea8c824528ed13954a.bin
Size

2.6MB
MD5

47fdd1781a0f5f21f547b2325169d0c0
SHA1

41911a569e83078893d530a23faa56bcabd178c2
SHA256

ec799991f6420c815bdfa81f30058a50081415651ec90d81237bb3913d43def9
SHA512

6b831245a8cb1eae70feb1c6e1640a36a75f9863a60dd154c1853738e5071f72d8646f69eccd3527c8306d6d25e5ba3caa8289dbd0168550d716500bbf27b9c1
SSDEEP

49152:i6qb2AUy+loEzCZgsA/CxO1XZthCC6TcAlqJIZ8iaBsC8jAOkReSF2sBS:imAUy+l3zCNA/HtcTcAlqJuy38jAOlS8

Score

10^/10

zgrat

Malware Config

Signatures

Detect ZGRat V1 1 IoCs

resource	yara_rule
static1/unpack001/1d0576fc2d90c0cc07673c28a7a72e287d17740a25ef7c7df8d586dd9c07191c.exe	family_zgrat_v1

Zgrat family
zgrat

Files

f142bf442ea7eaea8c824528ed13954a.bin
.zip

Password: infected
1d0576fc2d90c0cc07673c28a7a72e287d17740a25ef7c7df8d586dd9c07191c.exe
.exe windows:4 windows x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

43:17:39:04:c6:8a:46:bd:4d:1f:b8:e3:c1:ad:72:55
Certificate

Issuer

CN=¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.

Not Before

29/10/2023, 10:42

Not After

30/10/2033, 10:42

Subject

CN=¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

13:6c:92:8c:1e:a0:7c:db:26:0b:f1:be:21:08:4f:d0:d1:7b:61:50:df:d2:f6:9b:0a:9e:1e:fc:fa:ab:5e:3e
Signer

Actual PE Digest

13:6c:92:8c:1e:a0:7c:db:26:0b:f1:be:21:08:4f:d0:d1:7b:61:50:df:d2:f6:9b:0a:9e:1e:fc:fa:ab:5e:3e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 201KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

43:17:39:04:c6:8a:46:bd:4d:1f:b8:e3:c1:ad:72:55Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

13:6c:92:8c:1e:a0:7c:db:26:0b:f1:be:21:08:4f:d0:d1:7b:61:50:df:d2:f6:9b:0a:9e:1e:fc:fa:ab:5e:3eSigner

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 3.4MB - Virtual size: 3.4MB

.rsrc Size: 201KB - Virtual size: 200KB

.reloc Size: 512B - Virtual size: 12B

43:17:39:04:c6:8a:46:bd:4d:1f:b8:e3:c1:ad:72:55
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

13:6c:92:8c:1e:a0:7c:db:26:0b:f1:be:21:08:4f:d0:d1:7b:61:50:df:d2:f6:9b:0a:9e:1e:fc:fa:ab:5e:3e
Signer

.text
Size: 3.4MB - Virtual size: 3.4MB

.rsrc
Size: 201KB - Virtual size: 200KB

.reloc
Size: 512B - Virtual size: 12B