zgrat | 3f290e0f3f1287b6ed89d05a559ebb93 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3f290e0f3f1287b6ed89d05a559ebb93
Size

9.6MB
MD5

3f290e0f3f1287b6ed89d05a559ebb93
SHA1

7b45cbd9918c245b99088519e262eabac260c43c
SHA256

7773fc281adb5a727e068fbaeded2d9f387ea52aa146eee3e0047cc683164a1a
SHA512

c2ba3529f05f2f24e89f3cce27abdee47885600e507ddc70df9063cd3daab2587e2c0414b7e5d386d2b1eb5281db4facd3edf77fae73c80146c51d8e017b5ef7
SSDEEP

196608:pmopOnMlOpUCSZ4G3a9THdPHCMkb1OWi1dMgg:9dZ4G3aZHdPiMk5iA

Score

10^/10

zgrat

Malware Config

Signatures

Detect ZGRat V1 1 IoCs

resource	yara_rule
sample	family_zgrat_v1

Zgrat family
zgrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3f290e0f3f1287b6ed89d05a559ebb93

Files

3f290e0f3f1287b6ed89d05a559ebb93
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 9.5MB - Virtual size: 9.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ