zgrat | malware[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

malware.exe
Size

2.8MB
MD5

a8b81955d9dcbd3da697ca49c79d8082
SHA1

fe46e7a83264c75138a66e3456efd2a5e8c2b55c
SHA256

6395d14f5a1a835e5af60d9fdc57702e05f2da2d3f9c6caf334bdb0b465ebfaa
SHA512

e6669ac73ee247fb19e2fc44b71f13b11b98ee5f0ef3e7605004931a9acf44816bde369b1bc86e8c9fd0aaf7f0ac3af5948952c84ac933a24e692caa94ff340c
SSDEEP

49152:Tx8cIEhEKAWXQ0RaQZLuhleTMr9sW5EQ/za62lSHJZ2ZURhKPTJ:Tx8cIEYQFuhleK9sfcm5lSHWU8P

Score

10^/10

zgrat

Malware Config

Signatures

Detect ZGRat V1 1 IoCs

resource	yara_rule
sample	family_zgrat_v1

Zgrat family
zgrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
malware.exe

Files

malware.exe
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 828B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ