zgrat | d165d4e09ea0624e62fd5bd90fe68c96[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

d165d4e09ea0624e62fd5bd90fe68c96.bin
Size

3.0MB
MD5

f0aa8a607f025eb92fa1db4a6b748972
SHA1

f23729c5ab48cbeb86738c1cb80eb68dd9a52337
SHA256

786b6b22ceb5c79287dcc43d0bf106add84e071cf1fa53a73ef64ac5e1189fbe
SHA512

9b2ccfc89473c962d6ccb5ac4d6860d34484a7ffcaf1788317b89502991ef2e13d27105c3240efe0428e46cb211a1b4cf707e2dba3ec1b7b8ce136c3650ccaa8
SSDEEP

49152:FheDffMRstyvmJHvZ7iGXeTLCsd+WE6Dvp7dzBu8PFliWW6sI:LeDffMeRHhSLLcjCN9BuQd

Score

10^/10

zgrat

Malware Config

Signatures

Detect ZGRat V1 1 IoCs

resource	yara_rule
static1/unpack001/c6befd3879040aeca88afd9b461177c9a3fc830f2020f2878696ddca0cea994e.exe	family_zgrat_v1

Zgrat family
zgrat

Files

d165d4e09ea0624e62fd5bd90fe68c96.bin
.zip

Password: infected
c6befd3879040aeca88afd9b461177c9a3fc830f2020f2878696ddca0cea994e.exe
.exe windows:4 windows x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

43:17:39:04:c6:8a:46:bd:4d:1f:b8:e3:c1:ad:72:55
Certificate

Issuer

CN=¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.

Not Before

29/10/2023, 10:42

Not After

30/10/2033, 10:42

Subject

CN=¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

37:7d:74:78:b1:10:bd:73:10:72:68:a2:29:9b:29:1c:b0:18:ca:aa:6f:35:86:1b:b7:84:36:3a:39:e5:29:0b
Signer

Actual PE Digest

37:7d:74:78:b1:10:bd:73:10:72:68:a2:29:9b:29:1c:b0:18:ca:aa:6f:35:86:1b:b7:84:36:3a:39:e5:29:0b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 165KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

43:17:39:04:c6:8a:46:bd:4d:1f:b8:e3:c1:ad:72:55Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

37:7d:74:78:b1:10:bd:73:10:72:68:a2:29:9b:29:1c:b0:18:ca:aa:6f:35:86:1b:b7:84:36:3a:39:e5:29:0bSigner

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 4.3MB - Virtual size: 4.3MB

.rsrc Size: 165KB - Virtual size: 164KB

.reloc Size: 512B - Virtual size: 12B

43:17:39:04:c6:8a:46:bd:4d:1f:b8:e3:c1:ad:72:55
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

37:7d:74:78:b1:10:bd:73:10:72:68:a2:29:9b:29:1c:b0:18:ca:aa:6f:35:86:1b:b7:84:36:3a:39:e5:29:0b
Signer

.text
Size: 4.3MB - Virtual size: 4.3MB

.rsrc
Size: 165KB - Virtual size: 164KB

.reloc
Size: 512B - Virtual size: 12B