zgrat | 50ccd3682708ff0e7a6bfe46730937d469ca29e0ae405f3607b70fb15ad2e5c0[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

50ccd3682708ff0e7a6bfe46730937d469ca29e0ae405f3607b70fb15ad2e5c0.exe
Size

4.3MB
MD5

6d59b75f2b8bf7590c144cd4b3d24516
SHA1

6325d9ea89692248cf599493743f637b7fefe726
SHA256

50ccd3682708ff0e7a6bfe46730937d469ca29e0ae405f3607b70fb15ad2e5c0
SHA512

77f29661bee56bd26e11abd359b1e01e23d76994cab99528242bd08b77c3c8be810b07855f76ef6394ae5a43b907cccb421fc525870b03f4afc1c7664607931a
SSDEEP

49152:fc6PM2ku7KoRtVYIN9uCftMVtWf+NSzuHI791x4Ayjxw2PjCSK6Q70zPbyg8L3bn:fc6p37V9Bfa3Wf+N3I7Xx43byg8ua

Score

10^/10

zgrat

Malware Config

Signatures

Detect ZGRat V1 1 IoCs

resource	yara_rule
sample	family_zgrat_v1

Zgrat family
zgrat

Files

50ccd3682708ff0e7a6bfe46730937d469ca29e0ae405f3607b70fb15ad2e5c0.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

96:e1:71:d2:d7:88:ab:47:a8:42:0a:35:6f:48:75:99
Certificate

Issuer

CN=PRICE INC Nederland,OU=Nederland PRICE INC,O=Creted by Nederland,L=Z–ß[–ßZ•ßZ–ßZ–ß[•àZ–ßZ•ßZ–ß[–ßZ•ß[•ßZ•ßZ–ßZ•ß[•ßZ•ßZ•ßZ•ßZ•à[–àZ–ßZ•ß[•ßZ–ß[•àZ•ßZ•ßZ•ßZ•ßZ•àZ•ßZ•ßZ•ßZ–ß[–ßZ•ßZ•àZ•ßZ–ßZ–ßZ–ßZ•ßZ•ßZ–à[•ßZ–ßZ–ß[•ß[•ßZ–àZ•ß[•ßZ–ß[–ßZ•ßZ•ßZ•ß[–ßZ•ßZ•ßZ•ßZ•ßZ•ßZ•ß[•ßZ–ßZ–ßZ•ßZ–ß[•ß[•àZ•ßZ–ßZ•Z–ß[–ßZ•ßZ–ßZ–ß[•àZ–ßZ•ßZ–ß[–ßZ•ß[•ßZ•ßZ–ßZ•ß[•ßZ•ßZ•ßZ•ßZ•à[–àZ–ßZ•ß[•ßZ–ß[•àZ•ßZ•ßZ•ßZ•ßZ•àZ•ßZ•ßZ•ßZ–ß[–ßZ•ßZ•àZ•ßZ–ßZ–ßZ–ßZ•ßZ•ßZ–à[•ßZ–ßZ–ß[•ß[•ßZ–àZ•ß[•ßZ–ß[–ßZ•ßZ•ßZ•ß[–ßZ•ßZ•ßZ•ßZ•ßZ•ßZ•ß[•ßZ–ßZ–ßZ•ßZ–ß[•ß[•àZ•ßZ–ßZ•Z–ß[–ßZ•ßZ–ßZ–ß[•àZ–ßZ•ßZ–ß[–ßZ•ß[•ßZ•ßZ–ßZ•ß[•ßZ•ßZ•ßZ•ßZ•à[–àZ–ßZ•ß[•ßZ–ß[•àZ•ßZ•ßZ•ßZ•ßZ•àZ•ßZ•ßZ•ßZ–ß[–ßZ•ßZ•àZ•ßZ–ßZ–ßZ–ßZ•ßZ•ßZ–à[•ßZ–ßZ–ß[•ß[•ßZ–àZ•ß[•ßZ–ß[–ßZ•ßZ•ßZ•ß[–ßZ•ßZ•ßZ•ßZ•ßZ•ßZ•ß[•ßZ–ßZ–ßZ•ßZ–ß[•ß[•àZ•ßZ–ßZ•Z–ß[–ßZ•ßZ–ßZ–ß[•àZ–ßZ•ßZ–ß[–ßZ•ß[•ßZ•ßZ–ßZ•ß[•ßZ•ßZ•ßZ•ßZ•à[–àZ–ßZ•ß[•ßZ–ß[•àZ•ßZ•ßZ•ßZ•ßZ•àZ•ßZ•ßZ•ßZ–ß[–ßZ•ßZ•àZ•ßZ–ßZ–ßZ–ßZ•ßZ•ßZ–à[•ßZ–ßZ–ß[•ß[•ßZ–àZ•ß[•ßZ–ß[–ßZ•ßZ•ßZ•ß[–ßZ•ßZ•ßZ•ßZ•ßZ•ßZ•ß[•ßZ–ßZ–ßZ•ßZ–ß[•ß[•àZ•ßZ–ßZ•Z–ß[–ßZ•ßZ–ßZ–ß[•àZ–ßZ•ßZ–ß[–ßZ•ß[•ßZ•ßZ–ßZ•ß[•ßZ•ßZ•ßZ•ßZ•à[–àZ–ßZ•ß[•ßZ–ß[•àZ•ßZ•ßZ•ßZ•ßZ•àZ•ßZ•ßZ•ßZ–ß[–ßZ•ßZ•àZ•ßZ–ßZ–ßZ–ßZ•ßZ•ßZ–à[•ßZ–ßZ–ß[•ß[•ßZ–àZ•ß[•ßZ–ß[–ßZ•ßZ•ßZ•ß[–ßZ•ßZ•ßZ•ßZ•ßZ•ßZ•ß[•ßZ–ßZ–ßZ•ßZ–ß[•ß[•àZ•ßZ–ßZ•Z–ß[–ßZ•ßZ–ßZ–ß[•àZ–ßZ•ßZ–ß[–ßZ•ß[•ßZ•ßZ–ßZ•ß[•ßZ•ßZ•ßZ•ßZ•à[–àZ–ßZ•ß[•ßZ–ß[•àZ•ßZ•ßZ•ßZ•ßZ•àZ•ßZ•ßZ•ßZ–ß[–ßZ•ßZ•àZ•ßZ–ßZ–ßZ–ßZ•ßZ•ßZ–à[•ßZ–ßZ–ß[•ß[•ßZ–àZ•ß[•ßZ–ß[–ßZ•ßZ•ßZ•ß[–ßZ•ßZ•ßZ•ßZ•ßZ•ßZ•ß[•ßZ–ßZ–ßZ•ßZ–ß[•ß[•àZ•ßZ–ßZ•Z–ß[–ßZ•ßZ–ßZ–ß[•àZ–ßZ•ßZ–ß[–ßZ•ß[•ßZ•ßZ–ßZ•ß[•ßZ•ßZ•ßZ•ßZ•à[–àZ–ßZ•ß[•ßZ–ß[•àZ•ßZ•ßZ•ßZ•ßZ•àZ•ßZ•ßZ•ßZ–ß[–ßZ•ßZ•àZ•ßZ–ßZ–ßZ–ßZ•ßZ•ßZ–à[•ßZ–ßZ–ß[•ß[•ßZ–àZ•ß[•ßZ–ß[–ßZ•ßZ•ßZ•ß[–ßZ•ßZ•ßZ•ßZ•ßZ•ßZ•ß[•ßZ–ßZ–ßZ•ßZ–ß[•ß[•àZ•ßZ–ßZ•Z–ß[–ßZ•ßZ–ßZ–ß[•àZ–ßZ•ßZ–ß[–ßZ•ß[•ßZ•ßZ–ßZ•ß[•ßZ•ßZ•ßZ•ßZ•à[–àZ–ßZ•ß[•ßZ–ß[•àZ•ßZ•ßZ•ßZ•ßZ•àZ•ßZ•ßZ•ßZ–ß[–ßZ•ßZ•àZ•ßZ–ßZ–ßZ–ßZ•ßZ•ßZ–à[•ßZ–ßZ–ß[•ß[•ßZ–àZ•ß[•ßZ–ß[–ßZ•ßZ•ßZ•ß[–ßZ•ßZ•ßZ•ßZ•ßZ•ßZ•ß[•ßZ–ßZ–ßZ•ßZ–ß[•ß[•àZ•ßZ–ßZ•Z–ß[–ßZ•ßZ–ßZ–ß[•àZ–ßZ•ßZ–ß[–ßZ•ß[•ßZ•ßZ–ßZ•ß[•ßZ•ßZ•ßZ•ßZ•à[–àZ–ßZ•ß[•ßZ–ß[•àZ•ßZ•ßZ•ßZ•ßZ•àZ•ßZ•ßZ•ßZ–ß[–ßZ•ßZ•àZ•ßZ–ßZ–ßZ–ßZ•ßZ•ßZ–à[•ßZ–ßZ–ß[•ß[•ßZ–àZ•ß[•ßZ–ß[–ßZ•ßZ•ßZ•ß[–ßZ•ßZ•ßZ•ßZ•ßZ•ßZ•ß[•ßZ–ßZ–ßZ•ßZ–ß[•ß[•àZ•ßZ–ßZ•,ST=Euro,C=NL

Not Before

16/04/2024, 08:11 UTC

Not After

30/06/2027, 00:00 UTC

Subject

CN=PRICE INC Nederland,OU=Nederland PRICE INC,O=Creted by Nederland,L=Z–ß[–ßZ•ßZ–ßZ–ß[•àZ–ßZ•ßZ–ß[–ßZ•ß[•ßZ•ßZ–ßZ•ß[•ßZ•ßZ•ßZ•ßZ•à[–àZ–ßZ•ß[•ßZ–ß[•àZ•ßZ•ßZ•ßZ•ßZ•àZ•ßZ•ßZ•ßZ–ß[–ßZ•ßZ•àZ•ßZ–ßZ–ßZ–ßZ•ßZ•ßZ–à[•ßZ–ßZ–ß[•ß[•ßZ–àZ•ß[•ßZ–ß[–ßZ•ßZ•ßZ•ß[–ßZ•ßZ•ßZ•ßZ•ßZ•ßZ•ß[•ßZ–ßZ–ßZ•ßZ–ß[•ß[•àZ•ßZ–ßZ•Z–ß[–ßZ•ßZ–ßZ–ß[•àZ–ßZ•ßZ–ß[–ßZ•ß[•ßZ•ßZ–ßZ•ß[•ßZ•ßZ•ßZ•ßZ•à[–àZ–ßZ•ß[•ßZ–ß[•àZ•ßZ•ßZ•ßZ•ßZ•àZ•ßZ•ßZ•ßZ–ß[–ßZ•ßZ•àZ•ßZ–ßZ–ßZ–ßZ•ßZ•ßZ–à[•ßZ–ßZ–ß[•ß[•ßZ–àZ•ß[•ßZ–ß[–ßZ•ßZ•ßZ•ß[–ßZ•ßZ•ßZ•ßZ•ßZ•ßZ•ß[•ßZ–ßZ–ßZ•ßZ–ß[•ß[•àZ•ßZ–ßZ•Z–ß[–ßZ•ßZ–ßZ–ß[•àZ–ßZ•ßZ–ß[–ßZ•ß[•ßZ•ßZ–ßZ•ß[•ßZ•ßZ•ßZ•ßZ•à[–àZ–ßZ•ß[•ßZ–ß[•àZ•ßZ•ßZ•ßZ•ßZ•àZ•ßZ•ßZ•ßZ–ß[–ßZ•ßZ•àZ•ßZ–ßZ–ßZ–ßZ•ßZ•ßZ–à[•ßZ–ßZ–ß[•ß[•ßZ–àZ•ß[•ßZ–ß[–ßZ•ßZ•ßZ•ß[–ßZ•ßZ•ßZ•ßZ•ßZ•ßZ•ß[•ßZ–ßZ–ßZ•ßZ–ß[•ß[•àZ•ßZ–ßZ•Z–ß[–ßZ•ßZ–ßZ–ß[•àZ–ßZ•ßZ–ß[–ßZ•ß[•ßZ•ßZ–ßZ•ß[•ßZ•ßZ•ßZ•ßZ•à[–àZ–ßZ•ß[•ßZ–ß[•àZ•ßZ•ßZ•ßZ•ßZ•àZ•ßZ•ßZ•ßZ–ß[–ßZ•ßZ•àZ•ßZ–ßZ–ßZ–ßZ•ßZ•ßZ–à[•ßZ–ßZ–ß[•ß[•ßZ–àZ•ß[•ßZ–ß[–ßZ•ßZ•ßZ•ß[–ßZ•ßZ•ßZ•ßZ•ßZ•ßZ•ß[•ßZ–ßZ–ßZ•ßZ–ß[•ß[•àZ•ßZ–ßZ•Z–ß[–ßZ•ßZ–ßZ–ß[•àZ–ßZ•ßZ–ß[–ßZ•ß[•ßZ•ßZ–ßZ•ß[•ßZ•ßZ•ßZ•ßZ•à[–àZ–ßZ•ß[•ßZ–ß[•àZ•ßZ•ßZ•ßZ•ßZ•àZ•ßZ•ßZ•ßZ–ß[–ßZ•ßZ•àZ•ßZ–ßZ–ßZ–ßZ•ßZ•ßZ–à[•ßZ–ßZ–ß[•ß[•ßZ–àZ•ß[•ßZ–ß[–ßZ•ßZ•ßZ•ß[–ßZ•ßZ•ßZ•ßZ•ßZ•ßZ•ß[•ßZ–ßZ–ßZ•ßZ–ß[•ß[•àZ•ßZ–ßZ•Z–ß[–ßZ•ßZ–ßZ–ß[•àZ–ßZ•ßZ–ß[–ßZ•ß[•ßZ•ßZ–ßZ•ß[•ßZ•ßZ•ßZ•ßZ•à[–àZ–ßZ•ß[•ßZ–ß[•àZ•ßZ•ßZ•ßZ•ßZ•àZ•ßZ•ßZ•ßZ–ß[–ßZ•ßZ•àZ•ßZ–ßZ–ßZ–ßZ•ßZ•ßZ–à[•ßZ–ßZ–ß[•ß[•ßZ–àZ•ß[•ßZ–ß[–ßZ•ßZ•ßZ•ß[–ßZ•ßZ•ßZ•ßZ•ßZ•ßZ•ß[•ßZ–ßZ–ßZ•ßZ–ß[•ß[•àZ•ßZ–ßZ•Z–ß[–ßZ•ßZ–ßZ–ß[•àZ–ßZ•ßZ–ß[–ßZ•ß[•ßZ•ßZ–ßZ•ß[•ßZ•ßZ•ßZ•ßZ•à[–àZ–ßZ•ß[•ßZ–ß[•àZ•ßZ•ßZ•ßZ•ßZ•àZ•ßZ•ßZ•ßZ–ß[–ßZ•ßZ•àZ•ßZ–ßZ–ßZ–ßZ•ßZ•ßZ–à[•ßZ–ßZ–ß[•ß[•ßZ–àZ•ß[•ßZ–ß[–ßZ•ßZ•ßZ•ß[–ßZ•ßZ•ßZ•ßZ•ßZ•ßZ•ß[•ßZ–ßZ–ßZ•ßZ–ß[•ß[•àZ•ßZ–ßZ•Z–ß[–ßZ•ßZ–ßZ–ß[•àZ–ßZ•ßZ–ß[–ßZ•ß[•ßZ•ßZ–ßZ•ß[•ßZ•ßZ•ßZ•ßZ•à[–àZ–ßZ•ß[•ßZ–ß[•àZ•ßZ•ßZ•ßZ•ßZ•àZ•ßZ•ßZ•ßZ–ß[–ßZ•ßZ•àZ•ßZ–ßZ–ßZ–ßZ•ßZ•ßZ–à[•ßZ–ßZ–ß[•ß[•ßZ–àZ•ß[•ßZ–ß[–ßZ•ßZ•ßZ•ß[–ßZ•ßZ•ßZ•ßZ•ßZ•ßZ•ß[•ßZ–ßZ–ßZ•ßZ–ß[•ß[•àZ•ßZ–ßZ•Z–ß[–ßZ•ßZ–ßZ–ß[•àZ–ßZ•ßZ–ß[–ßZ•ß[•ßZ•ßZ–ßZ•ß[•ßZ•ßZ•ßZ•ßZ•à[–àZ–ßZ•ß[•ßZ–ß[•àZ•ßZ•ßZ•ßZ•ßZ•àZ•ßZ•ßZ•ßZ–ß[–ßZ•ßZ•àZ•ßZ–ßZ–ßZ–ßZ•ßZ•ßZ–à[•ßZ–ßZ–ß[•ß[•ßZ–àZ•ß[•ßZ–ß[–ßZ•ßZ•ßZ•ß[–ßZ•ßZ•ßZ•ßZ•ßZ•ßZ•ß[•ßZ–ßZ–ßZ•ßZ–ß[•ß[•àZ•ßZ–ßZ•,ST=Euro,C=NL

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00 UTC

Not After

02/08/2034, 23:59 UTC

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00 UTC

Not After

18/01/2038, 23:59 UTC

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f2:e3:4a:5b:96:0b:c1:10:63:ed:bd:72:30:92:d6:06:a1:8d:01:bc:31:d5:ed:73:3b:81:3b:92:06:dc:e0:69
Signer

Actual PE Digest

f2:e3:4a:5b:96:0b:c1:10:63:ed:bd:72:30:92:d6:06:a1:8d:01:bc:31:d5:ed:73:3b:81:3b:92:06:dc:e0:69

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

96:e1:71:d2:d7:88:ab:47:a8:42:0a:35:6f:48:75:99Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

f2:e3:4a:5b:96:0b:c1:10:63:ed:bd:72:30:92:d6:06:a1:8d:01:bc:31:d5:ed:73:3b:81:3b:92:06:dc:e0:69Signer

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 4.2MB - Virtual size: 4.2MB

.rsrc Size: 60KB - Virtual size: 59KB

.reloc Size: 512B - Virtual size: 12B

We care about your privacy.

96:e1:71:d2:d7:88:ab:47:a8:42:0a:35:6f:48:75:99
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

f2:e3:4a:5b:96:0b:c1:10:63:ed:bd:72:30:92:d6:06:a1:8d:01:bc:31:d5:ed:73:3b:81:3b:92:06:dc:e0:69
Signer

.text
Size: 4.2MB - Virtual size: 4.2MB

.rsrc
Size: 60KB - Virtual size: 59KB

.reloc
Size: 512B - Virtual size: 12B