Overview

overview

10

Static

static

10

2LRS3ODTLG...JL.exe

windows10-1703-x64

10

2LRS3ODTLG...JL.exe

windows11-21h2-x64

10

6G2SZLVHVH...3B.exe

windows10-1703-x64

10

6G2SZLVHVH...3B.exe

windows11-21h2-x64

10

6TS3GUANXW9E1KF8.exe

windows10-1703-x64

10

6TS3GUANXW9E1KF8.exe

windows11-21h2-x64

10

G9NB5XSAH0XAAPCN.exe

windows10-1703-x64

6

G9NB5XSAH0XAAPCN.exe

windows11-21h2-x64

6

PV0HLG9QQ3...NU.exe

windows10-1703-x64

10

PV0HLG9QQ3...NU.exe

windows11-21h2-x64

10

Protect544cd51a.dll

windows10-1703-x64

1

Protect544cd51a.dll

windows11-21h2-x64

1

PsExec.exe

windows10-1703-x64

1

PsExec.exe

windows11-21h2-x64

1

W7W5WFGX1D...7O.exe

windows10-1703-x64

3

W7W5WFGX1D...7O.exe

windows11-21h2-x64

6

skz3rpen.kc1.exe

windows10-1703-x64

1

skz3rpen.kc1.exe

windows11-21h2-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Temp.zip

  • Size

    22.0MB

  • MD5

    680b9f05186ea57c3839c00b04e1e92f

  • SHA1

    2b8f4f0938e5e9d52ad9452fc7a5212fd464ea87

  • SHA256

    0ec4dc59bfa704ff0777038d4c747fb42db308bed43f2ad6a681b645d1bfecbd

  • SHA512

    55495dc8ce10490f610518ffd38ad00427ddbe5b0e08e426ed63fe720feab340a84b7df919f884592accbead278ec07a350e177264bd10607352faacb015d15d

  • SSDEEP

    393216:cGoas8p7+A0FK06Goas8p7+A0FK0RVP+36T4nEZlFEHPj5e8tAZBalHiPJrOIVPX:LbsO7t6K0RbsO7t6K0RVP+3G+hVEOIVv

Score
10/10
zgrat

Malware Config

Signatures

  • Detect ZGRat V1 2 IoCs
  • Zgrat family
    zgrat
  • .NET Reactor proctector 2 IoCs

    Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

  • Unsigned PE 4 IoCs

    Checks for missing Authenticode signature.

Files

  • Temp.zip
    .zip
  • 1ca66d4
  • 2LRS3ODTLG3KRVJA1CCVAQPPFCFWXJL.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Code Sign

    Headers

    Imports

    Sections

  • 504c1e3c
  • 6G2SZLVHVHUJV21JB2FOVQKM701Z63B.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Code Sign

    Headers

    Imports

    Sections

  • 6TS3GUANXW9E1KF8.exe
    .exe windows:4 windows x64 arch:x64


    Headers

    Sections

  • G9NB5XSAH0XAAPCN.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Code Sign

    Headers

    Imports

    Sections

  • PV0HLG9QQ3YXXG1AJAMYRYE08NU.exe
    .exe windows:4 windows x64 arch:x64


    Headers

    Sections

  • Protect544cd51a.dll
    .dll windows:5 windows x86 arch:x86

    8420c9e80d53d716c9d682dfad563ea8


    Headers

    Imports

    Exports

    Sections

  • PsExec.exe
    .exe windows:6 windows x86 arch:x86

    1193bc223dad681f22f8248608cbb592


    Code Sign

    Headers

    Imports

    Sections

  • W7W5WFGX1D82S3EIURREUP57O.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Code Sign

    Headers

    Imports

    Sections

  • c4518e4b
  • skz3rpen.kc1.exe
    .exe windows:5 windows x86 arch:x86


    Headers

    Sections

  • tmpqbtad09icacert.pem