zgrat | 84e75d31fb7f3bf7412852353d89cdaffd1192d52da5c92a4978091fe17fc9a5 | Triage

Sharing

General

Target

84e75d31fb7f3bf7412852353d89cdaffd1192d52da5c92a4978091fe17fc9a5
Size

385KB
MD5

efc606a788ec0ade4d09ffc400a05eff
SHA1

1bdc3cf0c3a91a8e2f20bf8405c4af18acfa3b88
SHA256

84e75d31fb7f3bf7412852353d89cdaffd1192d52da5c92a4978091fe17fc9a5
SHA512

4d9440bb9e1e439a1520d6277a396bf1097d0e11a69ca64b26b69ab4108530598f4243833b659aade13cb3e7a185284b1f0c5cc9edacc00ff6b736fe6a814317
SSDEEP

6144:hdWcSqi3scNsdJAYv3HHL5C+AUtEgV+zdkON5VrJO1tLry:hdWD4n/L5HAUr+zdPNRO1tL

Score

10^/10

zgrat

Malware Config

Signatures

Detect ZGRat V1 1 IoCs

resource	yara_rule
sample	family_zgrat_v1

Zgrat family
zgrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
84e75d31fb7f3bf7412852353d89cdaffd1192d52da5c92a4978091fe17fc9a5

Files

84e75d31fb7f3bf7412852353d89cdaffd1192d52da5c92a4978091fe17fc9a5
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Courtesy.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 383KB - Virtual size: 382KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ