zgrat | 231012-jh96bagf62_pw_infected[.]zip | Triage

Resubmissions

12-01-2024 19:06

240112-xsjyrseeb8 10

12-01-2024 18:02

240112-wmss2schgn 10

Sharing

General

Target

231012-jh96bagf62_pw_infected.zip
Size

35KB
MD5

17955c29609ffc8e49d8dc28c8d6a7bc
SHA1

784bd00f9c527ec54c0728e5b4201919eb4e0652
SHA256

98e81acaa8fdb47c1444a9944c4e5609a4aba2a99ee99a31cbd6d6ffb4fb2530
SHA512

6304abd81976d8118bda81cff4db6b94aab13b3d2ff02e6be6e213c20f7ce7d4120b6b6266cfde4bab5833ac9b39d746516f464b66e27a718d06bbd47d668262
SSDEEP

768:ksZoWNt4PAjgnxjNKNt+a8S29Pz4q0XNJXDCBneyk4Tz5uU:k+wmg/KNtgPJzeXbDCvpzwU

Score

10^/10

zgrat

Malware Config

Signatures

Detect ZGRat V1 1 IoCs

resource	yara_rule
static1/unpack001/bd40a562a877def50e55dca26cde9317a5090fb4fc4294ca76558a5a2cbc8bc2	family_zgrat_v1

Zgrat family
zgrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/bd40a562a877def50e55dca26cde9317a5090fb4fc4294ca76558a5a2cbc8bc2

Files

231012-jh96bagf62_pw_infected.zip
.zip

Password: infected
bd40a562a877def50e55dca26cde9317a5090fb4fc4294ca76558a5a2cbc8bc2
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ