zgrat | driver1[.]exe | Triage

Resubmissions

27-01-2024 14:29

240127-rtsdmsfggl 10

27-01-2024 14:26

240127-rr6hgsfgdr 10

Sharing

General

Target

driver1.exe
Size

513KB
MD5

ecd563c8ea2125310eada2daac93251a
SHA1

1d8e53b0d094b51f5db03d8bdffbeafde33ddaf0
SHA256

77fbf732a2e1869f995d5d5d38a1ac0b35edba9a83ed557d8abb45dec9bbd604
SHA512

be722be655e3ec4aef28651f9fe21cfa48af3abe2aa2c8158e991d75115bcaf8ceebf31737c54cae565c86fa275c252bf68dae5cb2e257c232cea7e61277bece
SSDEEP

6144:Vy55yyymLLkkGGt/+9bBfgcqVXCtKPIszeQYsqRCbIW/Ib4YzCm/Db+3Hsj0OrPJ:VL2yttQYsqREcYmL63MoWyw/539HDn

Score

10^/10

zgrat

Malware Config

Signatures

Detect ZGRat V1 1 IoCs

resource	yara_rule
sample	family_zgrat_v1

Zgrat family
zgrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
driver1.exe

Files

driver1.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Perfect.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 511KB - Virtual size: 510KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ