zgrat | NEAS[.]421bff513232de6adf60e78f45df28ed50b3897a27570596e12f661d2bb4e8d9[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.421bff513232de6adf60e78f45df28ed50b3897a27570596e12f661d2bb4e8d9.exe
Size

2.8MB
MD5

457ba217e61453ff1dc2225ce50d9246
SHA1

4f4c453b728a5c0de525d0be1f2c343c9a61e867
SHA256

421bff513232de6adf60e78f45df28ed50b3897a27570596e12f661d2bb4e8d9
SHA512

0cab405b82ef6369ab06979859005f8cfaa1485496a030577eef6856318172e376417e878e9ac93a92dbfc75e4c8e85df1cef4274e84adb5337339e53aeb63f8
SSDEEP

49152:lXpQhJ/LbeE1uiNzBR9wgBlCIxYKZiBUyYTEpSvybJZn36zul1GjPxqrF7U0Vk6f:lMykFwF34BEx

Score

10^/10

zgrat

Malware Config

Signatures

Detect ZGRat V1 1 IoCs

resource	yara_rule
sample	family_zgrat_v1

Zgrat family
zgrat

Files

NEAS.421bff513232de6adf60e78f45df28ed50b3897a27570596e12f661d2bb4e8d9.exe
.exe windows:4 windows x64

Code Sign

4a:af:62:63:63:a7:be:87:4b:4a:39:db:6f:24:d4:82
Certificate

Issuer

CN=Intel Celeron Skylake G3900 OEM v2

Not Before

16-12-2022 14:40

Not After

17-12-2032 14:40

Subject

CN=Intel Celeron Skylake G3900 OEM v2

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2023 00:00

Not After

02-08-2034 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d7:ca:41:30:e9:cb:10:41:59:30:3c:36:48:93:d6:4a:a1:9e:7a:1e:c4:49:3e:09:7c:b0:4a:b7:1e:a9:d6:79
Signer

Actual PE Digest

d7:ca:41:30:e9:cb:10:41:59:30:3c:36:48:93:d6:4a:a1:9e:7a:1e:c4:49:3e:09:7c:b0:4a:b7:1e:a9:d6:79

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

4a:af:62:63:63:a7:be:87:4b:4a:39:db:6f:24:d4:82Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

d7:ca:41:30:e9:cb:10:41:59:30:3c:36:48:93:d6:4a:a1:9e:7a:1e:c4:49:3e:09:7c:b0:4a:b7:1e:a9:d6:79Signer

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 2.7MB - Virtual size: 2.7MB

.rsrc Size: 85KB - Virtual size: 84KB

4a:af:62:63:63:a7:be:87:4b:4a:39:db:6f:24:d4:82
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

d7:ca:41:30:e9:cb:10:41:59:30:3c:36:48:93:d6:4a:a1:9e:7a:1e:c4:49:3e:09:7c:b0:4a:b7:1e:a9:d6:79
Signer

.text
Size: 2.7MB - Virtual size: 2.7MB

.rsrc
Size: 85KB - Virtual size: 84KB