zgrat | 3ca35f9ab86c24978de9677b9beba875[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3ca35f9ab86c24978de9677b9beba875.bin
Size

917KB
MD5

8ec66196211eae14275223915c60de5d
SHA1

14f4d73c000fa4073aecc5c5f832cf80bf39195e
SHA256

47db7da4e7f756bab6c937af7527fbded64b07f44b70a5cdebf67e8f6e62cf86
SHA512

be9cb1811f5296376e28c043f89f25c984a507d00ea4b1d90d9376ddc4e79a2e56a9fedb85b44db57356d1a447e7fc73b9d0929a189918af3b1e357dad2b8743
SSDEEP

24576:XSGkteRNtVOmG1mngtl6FHyivrRDOAzZzEx1DX:X4wXYmEmgtQFHyG0AdIx1DX

Score

10^/10

zgrat

Malware Config

Signatures

Detect ZGRat V1 1 IoCs

resource	yara_rule
static1/unpack001/4f21b13659c11d2179c8f1670141f894a05cc7e63e8aabeddd7bf864c3b84e6e.exe	family_zgrat_v1

Zgrat family
zgrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/4f21b13659c11d2179c8f1670141f894a05cc7e63e8aabeddd7bf864c3b84e6e.exe

Files

3ca35f9ab86c24978de9677b9beba875.bin
.zip

Password: infected
4f21b13659c11d2179c8f1670141f894a05cc7e63e8aabeddd7bf864c3b84e6e.exe
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ