zgrat | d95ca33eeb2e59261ea49f3947df4c074c39acaa61d35c8fe0aef026d7a30681

Sharing

Copy URL Twitter E-mail

General

Target

d95ca33eeb2e59261ea49f3947df4c074c39acaa61d35c8fe0aef026d7a30681
Size

4.5MB
MD5

6012ed9cce811cd335f56acceaaac5e2
SHA1

e62bae0c281294662eeb29b99cbea2bacd45e062
SHA256

d95ca33eeb2e59261ea49f3947df4c074c39acaa61d35c8fe0aef026d7a30681
SHA512

01cb62ef195e0044d398bf7883d8f3a76789218d1a0e537dd338233b57c1ef0b18f9fbcd5ea54fc3ab69239408a1a790b584c4e4bd779e2993511c00a2425963
SSDEEP

49152:FKF4bCSKhqqTyK7YOllAQUhsY0GPe9uXTbp7k7+PdDJRsHcSYIBbyg8L3bSbw2PK:FOhvTycrD9KsYVe9u3W7qyHcSbbyg8UA

Score

10^/10

zgrat

Malware Config

Signatures

Detect ZGRat V1 1 IoCs

resource	yara_rule
sample	family_zgrat_v1

Zgrat family
zgrat

Files

d95ca33eeb2e59261ea49f3947df4c074c39acaa61d35c8fe0aef026d7a30681
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

96:e1:71:d2:d7:88:ab:47:a8:42:0a:35:6f:48:75:99
Certificate

Issuer

CN=PRICE INC Nederland,OU=Nederland PRICE INC,O=Creted by Nederland,L=Z–ß[–ßZ•ßZ–ßZ–ß[•àZ–ßZ•ßZ–ß[–ßZ•ß[•ßZ•ßZ–ßZ•ß[•ßZ•ßZ•ßZ•ßZ•à[–àZ–ßZ•ß[•ßZ–ß[•àZ•ßZ•ßZ•ßZ•ßZ•àZ•ßZ•ßZ•ßZ–ß[–ßZ•ßZ•àZ•ßZ–ßZ–ßZ–ßZ•ßZ•ßZ–à[•ßZ–ßZ–ß[•ß[•ßZ–àZ•ß[•ßZ–ß[–ßZ•ßZ•ßZ•ß[–ßZ•ßZ•ßZ•ßZ•ßZ•ßZ•ß[•ßZ–ßZ–ßZ•ßZ–ß[•ß[•àZ•ßZ–ßZ•Z–ß[–ßZ•ßZ–ßZ–ß[•àZ–ßZ•ßZ–ß[–ßZ•ß[•ßZ•ßZ–ßZ•ß[•ßZ•ßZ•ßZ•ßZ•à[–àZ–ßZ•ß[•ßZ–ß[•àZ•ßZ•ßZ•ßZ•ßZ•àZ•ßZ•ßZ•ßZ–ß[–ßZ•ßZ•àZ•ßZ–ßZ–ßZ–ßZ•ßZ•ßZ–à[•ßZ–ßZ–ß[•ß[•ßZ–àZ•ß[•ßZ–ß[–ßZ•ßZ•ßZ•ß[–ßZ•ßZ•ßZ•ßZ•ßZ•ßZ•ß[•ßZ–ßZ–ßZ•ßZ–ß[•ß[•àZ•ßZ–ßZ•Z–ß[–ßZ•ßZ–ßZ–ß[•àZ–ßZ•ßZ–ß[–ßZ•ß[•ßZ•ßZ–ßZ•ß[•ßZ•ßZ•ßZ•ßZ•à[–àZ–ßZ•ß[•ßZ–ß[•àZ•ßZ•ßZ•ßZ•ßZ•àZ•ßZ•ßZ•ßZ–ß[–ßZ•ßZ•àZ•ßZ–ßZ–ßZ–ßZ•ßZ•ßZ–à[•ßZ–ßZ–ß[•ß[•ßZ–àZ•ß[•ßZ–ß[–ßZ•ßZ•ßZ•ß[–ßZ•ßZ•ßZ•ßZ•ßZ•ßZ•ß[•ßZ–ßZ–ßZ•ßZ–ß[•ß[•àZ•ßZ–ßZ•Z–ß[–ßZ•ßZ–ßZ–ß[•àZ–ßZ•ßZ–ß[–ßZ•ß[•ßZ•ßZ–ßZ•ß[•ßZ•ßZ•ßZ•ßZ•à[–àZ–ßZ•ß[•ßZ–ß[•àZ•ßZ•ßZ•ßZ•ßZ•àZ•ßZ•ßZ•ßZ–ß[–ßZ•ßZ•àZ•ßZ–ßZ–ßZ–ßZ•ßZ•ßZ–à[•ßZ–ßZ–ß[•ß[•ßZ–àZ•ß[•ßZ–ß[–ßZ•ßZ•ßZ•ß[–ßZ•ßZ•ßZ•ßZ•ßZ•ßZ•ß[•ßZ–ßZ–ßZ•ßZ–ß[•ß[•àZ•ßZ–ßZ•Z–ß[–ßZ•ßZ–ßZ–ß[•àZ–ßZ•ßZ–ß[–ßZ•ß[•ßZ•ßZ–ßZ•ß[•ßZ•ßZ•ßZ•ßZ•à[–àZ–ßZ•ß[•ßZ–ß[•àZ•ßZ•ßZ•ßZ•ßZ•àZ•ßZ•ßZ•ßZ–ß[–ßZ•ßZ•àZ•ßZ–ßZ–ßZ–ßZ•ßZ•ßZ–à[•ßZ–ßZ–ß[•ß[•ßZ–àZ•ß[•ßZ–ß[–ßZ•ßZ•ßZ•ß[–ßZ•ßZ•ßZ•ßZ•ßZ•ßZ•ß[•ßZ–ßZ–ßZ•ßZ–ß[•ß[•àZ•ßZ–ßZ•Z–ß[–ßZ•ßZ–ßZ–ß[•àZ–ßZ•ßZ–ß[–ßZ•ß[•ßZ•ßZ–ßZ•ß[•ßZ•ßZ•ßZ•ßZ•à[–àZ–ßZ•ß[•ßZ–ß[•àZ•ßZ•ßZ•ßZ•ßZ•àZ•ßZ•ßZ•ßZ–ß[–ßZ•ßZ•àZ•ßZ–ßZ–ßZ–ßZ•ßZ•ßZ–à[•ßZ–ßZ–ß[•ß[•ßZ–àZ•ß[•ßZ–ß[–ßZ•ßZ•ßZ•ß[–ßZ•ßZ•ßZ•ßZ•ßZ•ßZ•ß[•ßZ–ßZ–ßZ•ßZ–ß[•ß[•àZ•ßZ–ßZ•Z–ß[–ßZ•ßZ–ßZ–ß[•àZ–ßZ•ßZ–ß[–ßZ•ß[•ßZ•ßZ–ßZ•ß[•ßZ•ßZ•ßZ•ßZ•à[–àZ–ßZ•ß[•ßZ–ß[•àZ•ßZ•ßZ•ßZ•ßZ•àZ•ßZ•ßZ•ßZ–ß[–ßZ•ßZ•àZ•ßZ–ßZ–ßZ–ßZ•ßZ•ßZ–à[•ßZ–ßZ–ß[•ß[•ßZ–àZ•ß[•ßZ–ß[–ßZ•ßZ•ßZ•ß[–ßZ•ßZ•ßZ•ßZ•ßZ•ßZ•ß[•ßZ–ßZ–ßZ•ßZ–ß[•ß[•àZ•ßZ–ßZ•Z–ß[–ßZ•ßZ–ßZ–ß[•àZ–ßZ•ßZ–ß[–ßZ•ß[•ßZ•ßZ–ßZ•ß[•ßZ•ßZ•ßZ•ßZ•à[–àZ–ßZ•ß[•ßZ–ß[•àZ•ßZ•ßZ•ßZ•ßZ•àZ•ßZ•ßZ•ßZ–ß[–ßZ•ßZ•àZ•ßZ–ßZ–ßZ–ßZ•ßZ•ßZ–à[•ßZ–ßZ–ß[•ß[•ßZ–àZ•ß[•ßZ–ß[–ßZ•ßZ•ßZ•ß[–ßZ•ßZ•ßZ•ßZ•ßZ•ßZ•ß[•ßZ–ßZ–ßZ•ßZ–ß[•ß[•àZ•ßZ–ßZ•Z–ß[–ßZ•ßZ–ßZ–ß[•àZ–ßZ•ßZ–ß[–ßZ•ß[•ßZ•ßZ–ßZ•ß[•ßZ•ßZ•ßZ•ßZ•à[–àZ–ßZ•ß[•ßZ–ß[•àZ•ßZ•ßZ•ßZ•ßZ•àZ•ßZ•ßZ•ßZ–ß[–ßZ•ßZ•àZ•ßZ–ßZ–ßZ–ßZ•ßZ•ßZ–à[•ßZ–ßZ–ß[•ß[•ßZ–àZ•ß[•ßZ–ß[–ßZ•ßZ•ßZ•ß[–ßZ•ßZ•ßZ•ßZ•ßZ•ßZ•ß[•ßZ–ßZ–ßZ•ßZ–ß[•ß[•àZ•ßZ–ßZ•,ST=Euro,C=NL

Not Before

16/04/2024, 08:11

Not After

30/06/2027, 00:00

Subject

CN=PRICE INC Nederland,OU=Nederland PRICE INC,O=Creted by Nederland,L=Z–ß[–ßZ•ßZ–ßZ–ß[•àZ–ßZ•ßZ–ß[–ßZ•ß[•ßZ•ßZ–ßZ•ß[•ßZ•ßZ•ßZ•ßZ•à[–àZ–ßZ•ß[•ßZ–ß[•àZ•ßZ•ßZ•ßZ•ßZ•àZ•ßZ•ßZ•ßZ–ß[–ßZ•ßZ•àZ•ßZ–ßZ–ßZ–ßZ•ßZ•ßZ–à[•ßZ–ßZ–ß[•ß[•ßZ–àZ•ß[•ßZ–ß[–ßZ•ßZ•ßZ•ß[–ßZ•ßZ•ßZ•ßZ•ßZ•ßZ•ß[•ßZ–ßZ–ßZ•ßZ–ß[•ß[•àZ•ßZ–ßZ•Z–ß[–ßZ•ßZ–ßZ–ß[•àZ–ßZ•ßZ–ß[–ßZ•ß[•ßZ•ßZ–ßZ•ß[•ßZ•ßZ•ßZ•ßZ•à[–àZ–ßZ•ß[•ßZ–ß[•àZ•ßZ•ßZ•ßZ•ßZ•àZ•ßZ•ßZ•ßZ–ß[–ßZ•ßZ•àZ•ßZ–ßZ–ßZ–ßZ•ßZ•ßZ–à[•ßZ–ßZ–ß[•ß[•ßZ–àZ•ß[•ßZ–ß[–ßZ•ßZ•ßZ•ß[–ßZ•ßZ•ßZ•ßZ•ßZ•ßZ•ß[•ßZ–ßZ–ßZ•ßZ–ß[•ß[•àZ•ßZ–ßZ•Z–ß[–ßZ•ßZ–ßZ–ß[•àZ–ßZ•ßZ–ß[–ßZ•ß[•ßZ•ßZ–ßZ•ß[•ßZ•ßZ•ßZ•ßZ•à[–àZ–ßZ•ß[•ßZ–ß[•àZ•ßZ•ßZ•ßZ•ßZ•àZ•ßZ•ßZ•ßZ–ß[–ßZ•ßZ•àZ•ßZ–ßZ–ßZ–ßZ•ßZ•ßZ–à[•ßZ–ßZ–ß[•ß[•ßZ–àZ•ß[•ßZ–ß[–ßZ•ßZ•ßZ•ß[–ßZ•ßZ•ßZ•ßZ•ßZ•ßZ•ß[•ßZ–ßZ–ßZ•ßZ–ß[•ß[•àZ•ßZ–ßZ•Z–ß[–ßZ•ßZ–ßZ–ß[•àZ–ßZ•ßZ–ß[–ßZ•ß[•ßZ•ßZ–ßZ•ß[•ßZ•ßZ•ßZ•ßZ•à[–àZ–ßZ•ß[•ßZ–ß[•àZ•ßZ•ßZ•ßZ•ßZ•àZ•ßZ•ßZ•ßZ–ß[–ßZ•ßZ•àZ•ßZ–ßZ–ßZ–ßZ•ßZ•ßZ–à[•ßZ–ßZ–ß[•ß[•ßZ–àZ•ß[•ßZ–ß[–ßZ•ßZ•ßZ•ß[–ßZ•ßZ•ßZ•ßZ•ßZ•ßZ•ß[•ßZ–ßZ–ßZ•ßZ–ß[•ß[•àZ•ßZ–ßZ•Z–ß[–ßZ•ßZ–ßZ–ß[•àZ–ßZ•ßZ–ß[–ßZ•ß[•ßZ•ßZ–ßZ•ß[•ßZ•ßZ•ßZ•ßZ•à[–àZ–ßZ•ß[•ßZ–ß[•àZ•ßZ•ßZ•ßZ•ßZ•àZ•ßZ•ßZ•ßZ–ß[–ßZ•ßZ•àZ•ßZ–ßZ–ßZ–ßZ•ßZ•ßZ–à[•ßZ–ßZ–ß[•ß[•ßZ–àZ•ß[•ßZ–ß[–ßZ•ßZ•ßZ•ß[–ßZ•ßZ•ßZ•ßZ•ßZ•ßZ•ß[•ßZ–ßZ–ßZ•ßZ–ß[•ß[•àZ•ßZ–ßZ•Z–ß[–ßZ•ßZ–ßZ–ß[•àZ–ßZ•ßZ–ß[–ßZ•ß[•ßZ•ßZ–ßZ•ß[•ßZ•ßZ•ßZ•ßZ•à[–àZ–ßZ•ß[•ßZ–ß[•àZ•ßZ•ßZ•ßZ•ßZ•àZ•ßZ•ßZ•ßZ–ß[–ßZ•ßZ•àZ•ßZ–ßZ–ßZ–ßZ•ßZ•ßZ–à[•ßZ–ßZ–ß[•ß[•ßZ–àZ•ß[•ßZ–ß[–ßZ•ßZ•ßZ•ß[–ßZ•ßZ•ßZ•ßZ•ßZ•ßZ•ß[•ßZ–ßZ–ßZ•ßZ–ß[•ß[•àZ•ßZ–ßZ•Z–ß[–ßZ•ßZ–ßZ–ß[•àZ–ßZ•ßZ–ß[–ßZ•ß[•ßZ•ßZ–ßZ•ß[•ßZ•ßZ•ßZ•ßZ•à[–àZ–ßZ•ß[•ßZ–ß[•àZ•ßZ•ßZ•ßZ•ßZ•àZ•ßZ•ßZ•ßZ–ß[–ßZ•ßZ•àZ•ßZ–ßZ–ßZ–ßZ•ßZ•ßZ–à[•ßZ–ßZ–ß[•ß[•ßZ–àZ•ß[•ßZ–ß[–ßZ•ßZ•ßZ•ß[–ßZ•ßZ•ßZ•ßZ•ßZ•ßZ•ß[•ßZ–ßZ–ßZ•ßZ–ß[•ß[•àZ•ßZ–ßZ•Z–ß[–ßZ•ßZ–ßZ–ß[•àZ–ßZ•ßZ–ß[–ßZ•ß[•ßZ•ßZ–ßZ•ß[•ßZ•ßZ•ßZ•ßZ•à[–àZ–ßZ•ß[•ßZ–ß[•àZ•ßZ•ßZ•ßZ•ßZ•àZ•ßZ•ßZ•ßZ–ß[–ßZ•ßZ•àZ•ßZ–ßZ–ßZ–ßZ•ßZ•ßZ–à[•ßZ–ßZ–ß[•ß[•ßZ–àZ•ß[•ßZ–ß[–ßZ•ßZ•ßZ•ß[–ßZ•ßZ•ßZ•ßZ•ßZ•ßZ•ß[•ßZ–ßZ–ßZ•ßZ–ß[•ß[•àZ•ßZ–ßZ•Z–ß[–ßZ•ßZ–ßZ–ß[•àZ–ßZ•ßZ–ß[–ßZ•ß[•ßZ•ßZ–ßZ•ß[•ßZ•ßZ•ßZ•ßZ•à[–àZ–ßZ•ß[•ßZ–ß[•àZ•ßZ•ßZ•ßZ•ßZ•àZ•ßZ•ßZ•ßZ–ß[–ßZ•ßZ•àZ•ßZ–ßZ–ßZ–ßZ•ßZ•ßZ–à[•ßZ–ßZ–ß[•ß[•ßZ–àZ•ß[•ßZ–ß[–ßZ•ßZ•ßZ•ß[–ßZ•ßZ•ßZ•ßZ•ßZ•ßZ•ß[•ßZ–ßZ–ßZ•ßZ–ß[•ß[•àZ•ßZ–ßZ•,ST=Euro,C=NL

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e1:e8:c9:85:b4:3a:e6:32:cb:6a:f5:57:3d:97:99:d4:47:2b:07:27:21:d1:d4:88:0c:17:52:50:66:13:ea:ca
Signer

Actual PE Digest

e1:e8:c9:85:b4:3a:e6:32:cb:6a:f5:57:3d:97:99:d4:47:2b:07:27:21:d1:d4:88:0c:17:52:50:66:13:ea:ca

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 4.4MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

96:e1:71:d2:d7:88:ab:47:a8:42:0a:35:6f:48:75:99Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

e1:e8:c9:85:b4:3a:e6:32:cb:6a:f5:57:3d:97:99:d4:47:2b:07:27:21:d1:d4:88:0c:17:52:50:66:13:ea:caSigner

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 4.4MB - Virtual size: 4.4MB

.rsrc Size: 109KB - Virtual size: 108KB

.reloc Size: 512B - Virtual size: 12B

96:e1:71:d2:d7:88:ab:47:a8:42:0a:35:6f:48:75:99
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

e1:e8:c9:85:b4:3a:e6:32:cb:6a:f5:57:3d:97:99:d4:47:2b:07:27:21:d1:d4:88:0c:17:52:50:66:13:ea:ca
Signer

.text
Size: 4.4MB - Virtual size: 4.4MB

.rsrc
Size: 109KB - Virtual size: 108KB

.reloc
Size: 512B - Virtual size: 12B