zgrat | 237c473b91af5dd9556c64012ecfc391[.]bin | Triage

Sharing

General

Target

237c473b91af5dd9556c64012ecfc391.bin
Size

3.0MB
MD5

1bcf4fce54ddeded269adf7d23b2014c
SHA1

9ac5cd9623e78b33d79378396ac9a1929b66d566
SHA256

26ff76f8ce7e6ad6f7754105880b41c36458aa04a554d7745295abbee25f4f65
SHA512

0353ebb593d8aa1535968f9c00115cc75b5df1e1861083e375c51c688764d6ee4d4d7be6376d98a310bf7ae675da9e9d2287487f02689638b8ac27eb2f40b2a5
SSDEEP

49152:qD1hDWFgGytEU9e4jadFz1FIdWuiktsQT83Yz7SScBuJwAAIi6ItRN/beONh:EhDWFdyyUOB1FIdUktHke+F7NiOf

Score

10^/10

zgrat

Malware Config

Signatures

Detect ZGRat V1 1 IoCs

resource	yara_rule
static1/unpack001/a87ba1ea4d91b34a5bd332e96b2b69d1a850ce0510247429673bb72fc4f8f304.exe	family_zgrat_v1

Zgrat family
zgrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/a87ba1ea4d91b34a5bd332e96b2b69d1a850ce0510247429673bb72fc4f8f304.exe

Files

237c473b91af5dd9556c64012ecfc391.bin
.zip

Password: infected
a87ba1ea4d91b34a5bd332e96b2b69d1a850ce0510247429673bb72fc4f8f304.exe
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ