zgrat | a3d53c95c5d457e510e89cd2f1288387[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a3d53c95c5d457e510e89cd2f1288387.bin
Size

1.8MB
MD5

0fe12ef19377ae8e6c49bd3cd5c4b6d4
SHA1

d8e07bbc7029e6c8068dffd479a804536d8c668f
SHA256

7d170531d8c474f8d4e2baa88c5ded62c9daf095383f1ca5161047672c0af8bf
SHA512

eb19902eaced0891b8d72981a89d0afae2188fd1871cd71c3e676ac878f1c87c03ad4a87af378ad49208ef3e696a78ce882430ce1b65e1925680730c4f974514
SSDEEP

49152:jhH2CToMdqJPeDy06tm5EscKU+U+wR7KK9iT:9WC7dAPeu06tmWKvS7I

Score

10^/10

zgrat

Malware Config

Signatures

Detect ZGRat V1 1 IoCs

resource	yara_rule
static1/unpack001/97c8904e0e2da52a0021dabc7d281eab4341a36e6dd94b7d98a4c1c3eee4ba1e.exe	family_zgrat_v1

Zgrat family
zgrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/97c8904e0e2da52a0021dabc7d281eab4341a36e6dd94b7d98a4c1c3eee4ba1e.exe

Files

a3d53c95c5d457e510e89cd2f1288387.bin
.zip

Password: infected
97c8904e0e2da52a0021dabc7d281eab4341a36e6dd94b7d98a4c1c3eee4ba1e.exe
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ