zgrat | b9998ad96f5218b54e4deb6385064a57[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b9998ad96f5218b54e4deb6385064a57.bin
Size

3.7MB
MD5

fccb212d89977144a730c51b62603f1e
SHA1

eecb0ff4bd00039631c2d84b41aada277c01c4bf
SHA256

e96f29ed3c3147722f1fc1e14b67b8310c495d005f60f78ce58abf28bb8870f2
SHA512

d003806505ff6f94506835d04070bd01101fd61ad2628ede5f50dc2e8df3179451d8d6604bb64703c182fe4962ee532f81231556cf76ba3cf0ac92741e65d1bd
SSDEEP

98304:GeuGg+cmqmlnL/4riyM9pcqYa8lOtv4t7cEZZHlQI5A:GMgkqOL/4M9pR8lu4t7cKHlPA

Score

10^/10

zgrat

Malware Config

Signatures

Detect ZGRat V1 1 IoCs

resource	yara_rule
static1/unpack001/e4a811441488a49a640f234d4e514d6746ad7ea39c4f1fe750182a358acc4d0d.exe	family_zgrat_v1

Zgrat family
zgrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/e4a811441488a49a640f234d4e514d6746ad7ea39c4f1fe750182a358acc4d0d.exe

Files

b9998ad96f5218b54e4deb6385064a57.bin
.zip

Password: infected
e4a811441488a49a640f234d4e514d6746ad7ea39c4f1fe750182a358acc4d0d.exe
.exe windows:4 windows x86 arch:x86

Password: infected

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 770B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5.0MB - Virtual size: 5.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ