zgrat | 0fa8c3a81d1bbf12d1beb0ca64a558e1[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0fa8c3a81d1bbf12d1beb0ca64a558e1.bin
Size

353KB
MD5

49488ed1249a259430a5af97c0cbb19d
SHA1

f539dbd1ed7caf5fb3c6cf2435f6b83a191c2cad
SHA256

adea3bf7dd95bfa8565823e1be991b4976c283db648ec40876df5b4a6148e1b8
SHA512

8964c6e6b38eb12d484a5738ceb590351dbc1fe235ad029377304ea1bb251a0cf2af976121f60d18e27ebc04b8377e9dba595f543b7620f5020443acbb96c1d8
SSDEEP

6144:yjuKw6DnCVTPyu/alDkOGWRmUhvPqigKAUJFa+dTZ0CZ:2uKdLCFIXhmUh6iNO+dTZ0C

Score

10^/10

zgrat

Malware Config

Signatures

Detect ZGRat V1 1 IoCs

resource	yara_rule
static1/unpack001/3b28b6404fda828b7d9e9ea3c375fa4b14837a52ca341c71fb183b58c3f0cb09.exe	family_zgrat_v1

Zgrat family
zgrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/3b28b6404fda828b7d9e9ea3c375fa4b14837a52ca341c71fb183b58c3f0cb09.exe

Files

0fa8c3a81d1bbf12d1beb0ca64a558e1.bin
.zip

Password: infected
3b28b6404fda828b7d9e9ea3c375fa4b14837a52ca341c71fb183b58c3f0cb09.exe
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 431KB - Virtual size: 430KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ