zgrat | Setupexe[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Setupexe.exe
Size

589KB
MD5

9f70e4c56022297238df06466dc6c0bf
SHA1

320acc8331a69681c6e8c6dd2deac247ad93b9f3
SHA256

63bf25cd7b56f9a74195c034a448cda47bb268435bfaa2b9aa937be1347a9806
SHA512

bde8a44b9128c53e5e45825b3229da7e58cf6f41434086ccc47e7f6e409325dc0ede64d7b79358ce567f34eb802292cb43e48b93c5411713eaf661e25c101a6a
SSDEEP

12288:SPHUMLhf5YTY79hbgHIqcIc41adQk8nYRKNRvtVi70eb4r:mYTYEIqG41CQk9oNRvtVi4r

Score

10^/10

zgrat

Malware Config

Signatures

Detect ZGRat V1 1 IoCs

resource	yara_rule
sample	family_zgrat_v1

Zgrat family
zgrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Setupexe.exe

Files

Setupexe.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 587KB - Virtual size: 587KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 578B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ