zgrat | TS-240318-UF3[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

TS-240318-UF3.exe
Size

447KB
MD5

37502eb94a63e5665cff064987ff7a48
SHA1

d70c63a5abfbbd2f089f25bef92794b8f732571c
SHA256

8a3f917fb7a28dddc02361217152990fb1aa388d287296fa688562e982ddf897
SHA512

d4be78ae35498044694cf904b415e1688f6c4114c95c457944bd29c005e8e5dd7c4f58264b756ecfd8385ffb1824ed055d3a7d9e73cae1edeba05ad44e7107ed
SSDEEP

6144:RLW6+nngW4c6b9ZTEO4KMsdc1Bb/wGTQO2m5wCXF2Y2R8JKBYfnCWZ7:RmnUce9Zpi1BpQk2M22JcYR

Score

10^/10

zgrat

Malware Config

Signatures

Detect ZGRat V1 1 IoCs

resource	yara_rule
sample	family_zgrat_v1

Zgrat family
zgrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
TS-240318-UF3.exe

Files

TS-240318-UF3.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Queens.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 445KB - Virtual size: 444KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ