zgrat | 29e2855576ec4417c8a639d62d9208d6[.]exe | Triage

Resubmissions

29-04-2024 23:03

240429-215bwsdf2t 10

29-04-2024 22:56

240429-2wntcade5z 10

Sharing

General

Target

29e2855576ec4417c8a639d62d9208d6.exe
Size

1.6MB
MD5

29e2855576ec4417c8a639d62d9208d6
SHA1

6310c6a5c3f6391638774b582bb2a249dc532c7f
SHA256

7c97de359b3788f96bdf5f96ca32222997e58d30fc66bec7cc09ed677c2b5cb8
SHA512

86e3979b4221c1a5916a4ad176ae1a12ebd9f306597c725acdb5bb346c0a0837eb5b733d4fe44a5442faa1e9cbfc86aed1dff6d528833826df16cdd866a0d4a2
SSDEEP

24576:PlhKoLLcuRdxPWwOfGlHrUgRURSbVZT8YrvKo9+T6BZ2/Y+K/NB8ohtAq:HzcifO0rUtSbxNBDpNBLA

Score

10^/10

zgrat

Malware Config

Signatures

Detect ZGRat V1 1 IoCs

resource	yara_rule
sample	family_zgrat_v1

Zgrat family
zgrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
29e2855576ec4417c8a639d62d9208d6.exe

Files

29e2855576ec4417c8a639d62d9208d6.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ