zgrat | 8d6b749c08365f32e1fa55eaaff54827[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8d6b749c08365f32e1fa55eaaff54827.bin
Size

1.4MB
MD5

3319c82f2438ad5ace5904517da59355
SHA1

c24f9697b2214bdea826522a8f59bf7b0fc1476c
SHA256

75ed377e103e23615abfca5c647fc54527cd2f69f586e41722ccc1ba8980f410
SHA512

708b68eaece9da08a82928c1abb7f0dc79e5e793e7cd62d09e51c0f1e781da4ebf3a60e760fc9d2ea0825c16e96456a9651e1afade3e07e01f4d222323dc65c6
SSDEEP

24576:JOAHS8vCOWrotZiaI/r9/Fis7peugwVCZFrYVOLLyI8m/GHqdDahi0893jA42dfy:JOQ/oaEr1Es7GwUFUsLyI8wG+DaQT2Jm

Score

10^/10

zgrat

Malware Config

Signatures

Detect ZGRat V1 1 IoCs

resource	yara_rule
static1/unpack001/2b4a998c588be37808c8743624bdedec96ac3cb80de750cf81dde1fdd22d508f.exe	family_zgrat_v1

Zgrat family
zgrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/2b4a998c588be37808c8743624bdedec96ac3cb80de750cf81dde1fdd22d508f.exe

Files

8d6b749c08365f32e1fa55eaaff54827.bin
.zip

Password: infected
2b4a998c588be37808c8743624bdedec96ac3cb80de750cf81dde1fdd22d508f.exe
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ