zgrat | 946f9875958c6ff0a4ccbcc8717068a0[.]bin | Triage

Sharing

General

Target

946f9875958c6ff0a4ccbcc8717068a0.bin
Size

9.2MB
MD5

2d495049a9a4eb9f760ffbb71a8a2565
SHA1

de8c51240c97e37b1874655d13f8661abe342a54
SHA256

6e61d2a623aae93014a16735e2baadc7c69abbff4330292bc5b957148f0eb995
SHA512

6a7008d8beb7295be21e37ce91fd146b661cc0c1135624186a5374e397d0205776a737b1aae7bfa0724f34530e62a2f54546ce442cfbcaaf98454ae570affbd3
SSDEEP

196608:lsob6MuXVCHY4sbfVNcvN0yCiPtGEIUZvur+3TMl8qg5qDd:lsobflHYfb9ulLVG214l2qDd

Score

10^/10

zgrat

Malware Config

Signatures

Detect ZGRat V1 1 IoCs

resource	yara_rule
static1/unpack001/fd643dfa49e7411994295979b06bf68659ddb28f1942fe80f6149696d4aa0d2a.exe	family_zgrat_v1

Zgrat family
zgrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/fd643dfa49e7411994295979b06bf68659ddb28f1942fe80f6149696d4aa0d2a.exe

Files

946f9875958c6ff0a4ccbcc8717068a0.bin
.zip

Password: infected
fd643dfa49e7411994295979b06bf68659ddb28f1942fe80f6149696d4aa0d2a.exe
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

extractor.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 9.5MB - Virtual size: 9.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 295KB - Virtual size: 294KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ