zgrat | 44a1e9d75953e7ca5273c467e2b29247[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

44a1e9d75953e7ca5273c467e2b29247.bin
Size

3.0MB
MD5

3a7165edd8b9fbdc556f13bd7cd4b005
SHA1

1703396de07f4efd86694c06339138f667b86fee
SHA256

00dec76f58103db890431ecbf88f9f3d29f59d6ee9116a939717ce43b39f4b0d
SHA512

1af152ab6f6271dce00325ac1e3d9ea524e2d2ecf064542ade4fa7d88756c9b3502697e2ef61494ff601f897138d381ff40ac6845677f6027fcb707d773f4269
SSDEEP

49152:IaVI8mfgm4mxcrawBCx6vzOI0pTNV4K3RRE8pKuRqsxYpnJfs5WbKxqRA08UPX6:INTSvBA4CPb4oR68pgsx4nRswmq+ls6

Score

10^/10

zgrat

Malware Config

Signatures

Detect ZGRat V1 1 IoCs

resource	yara_rule
static1/unpack001/e3d5437ab324ea9edf537a1e22032cbe89455ebb52ca40a61d5e68c325fc578f.exe	family_zgrat_v1

Zgrat family
zgrat

Files

44a1e9d75953e7ca5273c467e2b29247.bin
.zip

Password: infected
e3d5437ab324ea9edf537a1e22032cbe89455ebb52ca40a61d5e68c325fc578f.exe
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/11/2009, 10:00

Not After

18/03/2019, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

37:67:b7:72:b7:5e:33:c5:58:ac:92:d6
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

13/03/2017, 10:19

Not After

24/02/2020, 02:13

Subject

CN=Fujitsu Limited,OU=IT Security,O=Fujitsu Limited,L=Minato-Ku,ST=Tokyo,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

40:cb:42:89:5c:3e:74:94:26:97:ad:2f
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/01/2017, 10:00

Not After

24/02/2028, 10:00

Subject

CN=GlobalSign TSA for Advanced - G3 - 001-02,O=GMO GlobalSign K.K.,C=JP

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

89:c8:fb:df:e2:49:01:05:bb:c3:58:8d:cc:4c:f7:00:87:8b:70:ed
Signer

Actual PE Digest

89:c8:fb:df:e2:49:01:05:bb:c3:58:8d:cc:4c:f7:00:87:8b:70:ed

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 142KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

04:00:00:00:00:01:25:07:1d:f9:afCertificate

Key Usages

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cdCertificate

Extended Key Usages

Key Usages

37:67:b7:72:b7:5e:33:c5:58:ac:92:d6Certificate

Extended Key Usages

Key Usages

40:cb:42:89:5c:3e:74:94:26:97:ad:2fCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:50:04Certificate

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

89:c8:fb:df:e2:49:01:05:bb:c3:58:8d:cc:4c:f7:00:87:8b:70:edSigner

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 3.8MB - Virtual size: 3.8MB

.rsrc Size: 142KB - Virtual size: 142KB

.reloc Size: 512B - Virtual size: 12B

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

37:67:b7:72:b7:5e:33:c5:58:ac:92:d6
Certificate

40:cb:42:89:5c:3e:74:94:26:97:ad:2f
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

89:c8:fb:df:e2:49:01:05:bb:c3:58:8d:cc:4c:f7:00:87:8b:70:ed
Signer

.text
Size: 3.8MB - Virtual size: 3.8MB

.rsrc
Size: 142KB - Virtual size: 142KB

.reloc
Size: 512B - Virtual size: 12B