zgrat | 89f23af8be3574b333c72ac3b6c57e6d[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

89f23af8be3574b333c72ac3b6c57e6d.bin
Size

277KB
MD5

cd9b43344c8f3382ee4a5cb4122fae6e
SHA1

467b70478e0abf8b06ba6fc844e6033a5e52c90e
SHA256

c3b9a3abdd1a42285cd8f6bc23a419f3f757a9049025818549732fb391ad7598
SHA512

01e86d8acbb30b24817781e0c13e9aca49eaaa441d777ab2cb20145c20f238b1b53eb3f586c705386f98479a9958c0ad4bfc75af834f2b4178064beed3e69e44
SSDEEP

6144:EAHgCHP6fAjwO7W+eujtYcU7KhuuG2NJQ1ddSo9+gZFH8RBtH+rIDj:w8P6fjgWAjtYck2bmUc+gZp8ZSs

Score

10^/10

zgrat

Malware Config

Signatures

Detect ZGRat V1 1 IoCs

resource	yara_rule
static1/unpack001/3eaeb46fc4d1fdaa702a89fbd251ae32d660ab77fbbe8bc02f3a8f3a9f8d4fef.exe	family_zgrat_v1

Zgrat family
zgrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/3eaeb46fc4d1fdaa702a89fbd251ae32d660ab77fbbe8bc02f3a8f3a9f8d4fef.exe

Files

89f23af8be3574b333c72ac3b6c57e6d.bin
.zip

Password: infected
3eaeb46fc4d1fdaa702a89fbd251ae32d660ab77fbbe8bc02f3a8f3a9f8d4fef.exe
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 374KB - Virtual size: 373KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ