zgrat | 833B43AEECF9B5B74B966FB9D0398257[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

833B43AEECF9B5B74B966FB9D0398257.exe
Size

3.5MB
MD5

833b43aeecf9b5b74b966fb9d0398257
SHA1

7f2fa70ce0a9651d827f9d569159e12c17c61e67
SHA256

40faf695c36c68e2cb0e605c72a8b2fdc0a5ea561b01fb74d4e66d0c98707c0a
SHA512

70d68ae28cbd90c9d122d984649b0933d3d96878a350632feb8a64cfba05cdc813ab5039259569e552ed8281e2f469437ca58db72e522a2b228b6b5c095ed624
SSDEEP

49152:GnmoeyaeX1r6B2vj4p23/W83UVVEElyt66eubXz+2eojsFInzoy:GoyaeXsB2vj1WEEst+qEQwTy

Score

10^/10

zgrat

Malware Config

Signatures

Detect ZGRat V1 1 IoCs

resource	yara_rule
sample	family_zgrat_v1

Zgrat family
zgrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
833B43AEECF9B5B74B966FB9D0398257.exe

Files

833B43AEECF9B5B74B966FB9D0398257.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ