zgrat | a821ed8e5bf8d4caf8944b5318e2a298 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a821ed8e5bf8d4caf8944b5318e2a298
Size

2.0MB
MD5

a821ed8e5bf8d4caf8944b5318e2a298
SHA1

d6d7b6865ff9be9caed9a5c44a66e6e9156a74c5
SHA256

b97938f352fece6dcd7762a5d1790d5c732be7258f965e0dcc73f76d4c3f5778
SHA512

b94a23e26e8ba135412322ce2d09eb31dcefa5cc143a8dec784a827976f642c5b602a77319f177f3e0548c29be5a45e8eac682bd66db0dcf2ae57d0a580d6855
SSDEEP

49152:zOmrDhsanOWFkiSGnhm9dGbbs5e5h9xYRRAts2B4V2Rv:KmrDhsSOWFkInhUdGboEvyT92B4VQ

Score

10^/10

zgrat

Malware Config

Signatures

Detect ZGRat V1 1 IoCs

resource	yara_rule
sample	family_zgrat_v1

Zgrat family
zgrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a821ed8e5bf8d4caf8944b5318e2a298

Files

a821ed8e5bf8d4caf8944b5318e2a298
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 237KB - Virtual size: 237KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ