zgrat | 67dbec2d894d7f7c0ce476cfebe1c220_NeikiAnalytics | Triage

Sharing

General

Target

67dbec2d894d7f7c0ce476cfebe1c220_NeikiAnalytics
Size

2.3MB
MD5

67dbec2d894d7f7c0ce476cfebe1c220
SHA1

2dd2664da00555710502ab08fa944aec2816af65
SHA256

39af295e41ae53ef17e32c7026e3faabbda112d18c5d5c6aa8e90b7710bd873b
SHA512

6beb63e80ad93e1f5142ab61c88419741ebd8521d41b5c2cc84d7bf5ccf9f04367fb4abd8ed9ceb42579aebf0a2859f0ee7a5ff7f5bf7a1e32f8225c814830bf
SSDEEP

49152:yx71ueuaEfSV7hRknrIlHlReRu/ujIS34R2CGM:iWAARu/ujx34AC

Score

10^/10

zgrat

Malware Config

Signatures

Detect ZGRat V1 1 IoCs

resource	yara_rule
sample	family_zgrat_v1

Zgrat family
zgrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
67dbec2d894d7f7c0ce476cfebe1c220_NeikiAnalytics

Files

67dbec2d894d7f7c0ce476cfebe1c220_NeikiAnalytics
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 828B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ