zgrat | cf08c7603f3d0453fffa3b09991519e2033c9e3e576e058126836114628a25c1

Sharing

Copy URL

Twitter E-mail

General

Target

cf08c7603f3d0453fffa3b09991519e2033c9e3e576e058126836114628a25c1
Size

3.0MB
MD5

f14263b3743699a834cda2a17791b5f6
SHA1

acfedd9973262145782fa4774f58e67e5f04015a
SHA256

cf08c7603f3d0453fffa3b09991519e2033c9e3e576e058126836114628a25c1
SHA512

8cf0b56e98b2d9182fae72c7c76d2da202564cfb472d2a222148ac9c07269258dc5c7f8bade0122fc431a00ba5386cfd39c3e8dd83ebefb301d7bbb521a1d0de
SSDEEP

24576:sqTVkUQnbnaPGqtarEgNGhuYeoGJjzYr2EnuLwKTDB9iHcNvL//IJhJ8z0/eyOlc:5uaOTrEht7yApurDmHcNj/QAc

Score

10^/10

zgrat

Malware Config

Signatures

Detect ZGRat V1 1 IoCs

resource	yara_rule
sample	family_zgrat_v1

Zgrat family
zgrat

Files

cf08c7603f3d0453fffa3b09991519e2033c9e3e576e058126836114628a25c1
.exe windows:4 windows x64

Code Sign

5f:cd:5e:93:49:26:1c:94:49:b8:8b:41:24:df:50:04
Certificate

Issuer

CN=Logitech ZC-9016 USA State of Washington

Not Before

15-12-2021 11:48

Not After

16-12-2031 11:48

Subject

CN=Logitech ZC-9016 USA State of Washington

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2023 00:00

Not After

02-08-2034 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:05:b0:4b:df:f2:28:4c:db:74:3c:22:51:e7:6c:32:b7:73:05:44:6e:06:5f:32:c6:51:51:1a:21:7f:bb:aa
Signer

Actual PE Digest

62:05:b0:4b:df:f2:28:4c:db:74:3c:22:51:e7:6c:32:b7:73:05:44:6e:06:5f:32:c6:51:51:1a:21:7f:bb:aa

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 920KB - Virtual size: 920KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

5f:cd:5e:93:49:26:1c:94:49:b8:8b:41:24:df:50:04Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

62:05:b0:4b:df:f2:28:4c:db:74:3c:22:51:e7:6c:32:b7:73:05:44:6e:06:5f:32:c6:51:51:1a:21:7f:bb:aaSigner

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rsrc Size: 920KB - Virtual size: 920KB

5f:cd:5e:93:49:26:1c:94:49:b8:8b:41:24:df:50:04
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

62:05:b0:4b:df:f2:28:4c:db:74:3c:22:51:e7:6c:32:b7:73:05:44:6e:06:5f:32:c6:51:51:1a:21:7f:bb:aa
Signer

.text
Size: 2.1MB - Virtual size: 2.1MB

.rsrc
Size: 920KB - Virtual size: 920KB