zgrat | b03aa6bdff66cb4a9114ebb3615f07af455b474f7af998cd35ba47f84bbf05b1 | Triage

Sharing

General

Target

b03aa6bdff66cb4a9114ebb3615f07af455b474f7af998cd35ba47f84bbf05b1
Size

354KB
MD5

960eb4d74f0f0c05c4c43ce1e98bf571
SHA1

9739d9e27dbc19091eeadc3c6d18d3f3d351bff1
SHA256

b03aa6bdff66cb4a9114ebb3615f07af455b474f7af998cd35ba47f84bbf05b1
SHA512

514ba4019ea244b62c4f31b4199869c9bdf1c172bc890e5467ce2afb16cfd7bbda7b8049b9149b1d1db8e6cd86cc98ae6cf89a0daefcc395c222dbbf7c979cc6
SSDEEP

6144:43kc+V5W0MPeogbh0HWE0J98gBzl6e/u:u4MG+eSgBzlZ

Score

10^/10

zgrat

Malware Config

Signatures

Detect ZGRat V1 1 IoCs

resource	yara_rule
sample	family_zgrat_v1

Zgrat family
zgrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b03aa6bdff66cb4a9114ebb3615f07af455b474f7af998cd35ba47f84bbf05b1

Files

b03aa6bdff66cb4a9114ebb3615f07af455b474f7af998cd35ba47f84bbf05b1
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Blinsson.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 352KB - Virtual size: 351KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ