zgrat | c4694f551f2ccf5151658dae3ac110d3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c4694f551f2ccf5151658dae3ac110d3
Size

1.1MB
MD5

c4694f551f2ccf5151658dae3ac110d3
SHA1

0d93a80e6e10e44bffae8ba15215cfa3873fb8fe
SHA256

db9fe40e0fedb946539b53678a86d7efd8ac8c7108ae3275dd840973b6f5f476
SHA512

b783723cc6d4f959fb0735bd7f62b5c1e368d81b8d9692620a4d05b7a61c56d3fa262e5488996213541269a141c53654d6c416554b6b1ab70cdeff2396582d20
SSDEEP

12288:pbvmEGNkEEGNkFPeAr7wOPVCbbcC9P96K3wFvuI49Mmny6LntNP0j:5uEGNHEGNkeAr7wMKNZ9PAvr49MqtCj

Score

10^/10

zgrat

Malware Config

Signatures

Detect ZGRat V1 1 IoCs

resource	yara_rule
sample	family_zgrat_v1

Zgrat family
zgrat

Files

c4694f551f2ccf5151658dae3ac110d3
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

47:78:3b:2d:d2:15:68:a4:42:c0:4e:1c:c1:17:2b:1a
Certificate

Issuer

CN=Microsoft Corporation.

Not Before

25/07/2021, 21:00

Not After

31/12/2028, 21:00

Subject

CN=Microsoft Corporation.

20:68:e5:28:15:3c:b9:ff:cd:5b:01:ec:b2:4b:83:0d:ea:62:a2:ef
Signer

Actual PE Digest

20:68:e5:28:15:3c:b9:ff:cd:5b:01:ec:b2:4b:83:0d:ea:62:a2:ef

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\germa\Desktop\WinLocker\CrackedProgramStarter\obj\Debug\CrackedProgramStarter.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ