zgrat | holder1000x300[.]dat | Triage

Resubmissions

11/11/2024, 21:31

241111-1db66azpgq 10

11/10/2024, 07:28

241011-japveaxdmk 10

05/04/2024, 12:42

240405-pxkf4acd4t 10

Sharing

Copy URL Twitter E-mail

General

Target

holder1000x300.dat
Size

708KB
MD5

d01e27462252c573f66a14bb03c09dd2
SHA1

263dd00f996b3605599cef119b8b968cc01f2635
SHA256

44f3429f40b81439cc542202dfedcad622e0cefff16ecd5f2b7977fb38284286
SHA512

b5dc8e6fcc9515dc736ba614554aa390f32a70a27a3070705d3e308112430e5af0aed78481a2c0010e9f98ea73980c9d7283cac3923a84fa7b26f7f9c28f40d6
SSDEEP

12288:dQo6B4S0ksMucRs4ZJ+N6w/X7p8YGAs1xnYkbTo0JjUY+xA:6bB5PsMuczW861SAs1xnY8o0CfA

Score

10^/10

zgrat

Malware Config

Signatures

Detect ZGRat V1 1 IoCs

resource	yara_rule
sample	family_zgrat_v1

Zgrat family
zgrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
holder1000x300.dat

Files

holder1000x300.dat
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 705KB - Virtual size: 705KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ