zgrat | a09f45da973a8c76b3730edca2b0aaa01581ddcbe4161adf820e4913a5abf449[.]exe[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

a09f45da973a8c76b3730edca2b0aaa01581ddcbe4161adf820e4913a5abf449.exe.zip
Size

4.9MB
MD5

7ee46a56441587c34b376fbdca5fa163
SHA1

53196b787c4e488df0464f748302e42b48b20694
SHA256

ee1d5329c414637423f07a2735bf3328515edf7a009764a06ad7d514a7456830
SHA512

1daf04c1036f5a866b3d187c6ca098a8496643693c4d757b9a884ce8d84f2f2a911df36d3f19bea88ed786a260a25d30f98c2439c1cb41381fe28252820f9725
SSDEEP

98304:oJ3rhX1dsYJtac79FTY3XBtxvaSTC0XGuYGuLhOn2bmaEJySXha4O:E7h1tNFsnBDSSTL2RhSa8yGa4O

Score

10^/10

zgrat

Malware Config

Signatures

Detect ZGRat V1 1 IoCs

resource	yara_rule
static1/unpack001/a09f45da973a8c76b3730edca2b0aaa01581ddcbe4161adf820e4913a5abf449.exe	family_zgrat_v1

Zgrat family
zgrat

Files

a09f45da973a8c76b3730edca2b0aaa01581ddcbe4161adf820e4913a5abf449.exe.zip
.zip

Password: infected
a09f45da973a8c76b3730edca2b0aaa01581ddcbe4161adf820e4913a5abf449.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

6e:cb:55:49:b6:ce:aa:44:be:5f:16:45:33:0f:74:40
Certificate

Issuer

CN=LinhEm.Com

Not Before

31/12/2012, 17:00

Not After

31/12/2098, 17:00

Subject

CN=LinhEm.Com

Extended Key Usages

ExtKeyUsageCodeSigning

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

28/07/2022, 08:56

Not After

27/07/2033, 08:56

Subject

CN=Certum Timestamp 2022,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1d:f8:32:9c:11:9b:76:c6:23:d8:91:09:40:0d:e6:e8:1d:1e:1b:9c
Signer

Actual PE Digest

1d:f8:32:9c:11:9b:76:c6:23:d8:91:09:40:0d:e6:e8:1d:1e:1b:9c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 5.4MB - Virtual size: 5.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

6e:cb:55:49:b6:ce:aa:44:be:5f:16:45:33:0f:74:40Certificate

Extended Key Usages

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27Certificate

Key Usages

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30Certificate

Extended Key Usages

Key Usages

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87Certificate

Extended Key Usages

Key Usages

1d:f8:32:9c:11:9b:76:c6:23:d8:91:09:40:0d:e6:e8:1d:1e:1b:9cSigner

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 5.4MB - Virtual size: 5.4MB

.rsrc Size: 5KB - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 12B

6e:cb:55:49:b6:ce:aa:44:be:5f:16:45:33:0f:74:40
Certificate

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30
Certificate

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

1d:f8:32:9c:11:9b:76:c6:23:d8:91:09:40:0d:e6:e8:1d:1e:1b:9c
Signer

.text
Size: 5.4MB - Virtual size: 5.4MB

.rsrc
Size: 5KB - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 12B