zgrat | b1541623e63f91e8b2d52ceed73fe1815e7c00d3c49c594567e60360b12b3a5b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b1541623e63f91e8b2d52ceed73fe1815e7c00d3c49c594567e60360b12b3a5b
Size

4.5MB
MD5

766f392062c30bb44b5724a9a1cd4ff3
SHA1

500794ac1e2ef12395af9e4af886e5b00b326e8b
SHA256

b1541623e63f91e8b2d52ceed73fe1815e7c00d3c49c594567e60360b12b3a5b
SHA512

58bdbd09bc5e36b7ad116b3e1ae04ac4f2c6ba92daa88434a69550902ba1836f9957269e013fe850aa90356d5fc1e566bde0664768b3ff72b7b607e9bb90daf1
SSDEEP

98304:ySi/84/r1qqtmZ7LDtx0sar7Ev9pJJm0k:Fi/84/r1qqtmBN07EvVJmN

Score

10^/10

zgrat

Malware Config

Signatures

Detect ZGRat V1 1 IoCs

resource	yara_rule
sample	family_zgrat_v1

Zgrat family
zgrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b1541623e63f91e8b2d52ceed73fe1815e7c00d3c49c594567e60360b12b3a5b

Files

b1541623e63f91e8b2d52ceed73fe1815e7c00d3c49c594567e60360b12b3a5b
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ