zgrat | download[.]dat | Triage

Sharing

Copy URL Twitter E-mail

General

Target

download.dat
Size

837KB
MD5

24f140dbf005040dd2ebc5858804ca12
SHA1

4c9cc550ad0b846cce78008166922d7338bbc597
SHA256

6a06f09b0f3348b73493fa83519770f532b0e35eae03598a5508cd88bd77c416
SHA512

af4c1a492a7986501f35328c2919692e1b42247919d7c60d28123b0053ef556c72b402fae006e95e71b9e5cac2559185ec526726b268edd0652e8b4d2234d3dc
SSDEEP

24576:/TdbhAa6eGRXYb3npCl3qVzXTBusBFpl:/TXP6XZ+1BFp

Score

10^/10

zgrat

Malware Config

Signatures

Detect ZGRat V1 1 IoCs

resource	yara_rule
sample	family_zgrat_v1

Zgrat family
zgrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
download.dat

Files

download.dat
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 835KB - Virtual size: 834KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 812B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ