zgrat | 9a9804175dbcfbe50dba944b35506598b48259ab84a8f964ef11b4239431f36e

Sharing

Copy URL

Twitter E-mail

General

Target

9a9804175dbcfbe50dba944b35506598b48259ab84a8f964ef11b4239431f36e
Size

5.3MB
MD5

41f73cbff1e54f058dc3bf973de45858
SHA1

1109a646a8071e1c97d0dd0621d538db3f3a1de7
SHA256

9a9804175dbcfbe50dba944b35506598b48259ab84a8f964ef11b4239431f36e
SHA512

28474c2a3faf1b416bc76711f40099685eab802e0acefe3f1c3421f44ded299c1555f025737af84d86b0fde2387cc45918bc6d4142d13b514129ffe051b3281f
SSDEEP

98304:RAxi/KM8YKgCAQ+LFXU4V2jMkT1jXjsbG65VLORdH:RAxi/Kr4V2DT1gG65VLeH

Score

10^/10

zgrat

Malware Config

Signatures

Detect ZGRat V1 1 IoCs

Processes:

resource yara_rule

sample family_zgrat_v1
Zgrat family
zgrat

resource	yara_rule
sample	family_zgrat_v1

Files

9a9804175dbcfbe50dba944b35506598b48259ab84a8f964ef11b4239431f36e
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

08:e4:16:3c:f7:22:41:f9:25:da:b3:11:60:33:93:a9
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2019 00:00

Not After

06-01-2023 12:00

Subject

CN=Adguard Software Limited,O=Adguard Software Limited,L=Limassol,C=CY

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2014 00:00

Not After

22-10-2024 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11-02-2011 12:00

Not After

10-02-2026 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2021 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:24:d2:40:83:d5:9c:03:1c:a1:b4:5f:57:89:8a:01
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-10-2019 00:00

Not After

06-01-2023 12:00

Subject

CN=Adguard Software Limited,O=Adguard Software Limited,L=Limassol,C=CY

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2014 00:00

Not After

22-10-2024 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2021 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:b1:3d:7d:da:d2:d6:e8:cd:f8:ea:f4:14:c7:77:35:41:a7:5b:b2:34:8c:ba:79:cb:e2:8d:4b:d3:2f:0b:0f
Signer

Actual PE Digest

0d:b1:3d:7d:da:d2:d6:e8:cd:f8:ea:f4:14:c7:77:35:41:a7:5b:b2:34:8c:ba:79:cb:e2:8d:4b:d3:2f:0b:0f

Digest Algorithm

sha256

PE Digest Matches

true

0c:b9:26:35:cb:c7:6c:a5:a0:14:75:67:fc:27:fd:85:66:a0:21:ac
Signer

Actual PE Digest

0c:b9:26:35:cb:c7:6c:a5:a0:14:75:67:fc:27:fd:85:66:a0:21:ac

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Adguard.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 5.2MB - Virtual size: 5.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

08:e4:16:3c:f7:22:41:f9:25:da:b3:11:60:33:93:a9Certificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5fCertificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

0d:24:d2:40:83:d5:9c:03:1c:a1:b4:5f:57:89:8a:01Certificate

Extended Key Usages

Key Usages

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9Certificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

0d:b1:3d:7d:da:d2:d6:e8:cd:f8:ea:f4:14:c7:77:35:41:a7:5b:b2:34:8c:ba:79:cb:e2:8d:4b:d3:2f:0b:0fSigner

0c:b9:26:35:cb:c7:6c:a5:a0:14:75:67:fc:27:fd:85:66:a0:21:acSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 5.2MB - Virtual size: 5.2MB

.rsrc Size: 109KB - Virtual size: 109KB

.reloc Size: 512B - Virtual size: 12B

08:e4:16:3c:f7:22:41:f9:25:da:b3:11:60:33:93:a9
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

0d:24:d2:40:83:d5:9c:03:1c:a1:b4:5f:57:89:8a:01
Certificate

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

0d:b1:3d:7d:da:d2:d6:e8:cd:f8:ea:f4:14:c7:77:35:41:a7:5b:b2:34:8c:ba:79:cb:e2:8d:4b:d3:2f:0b:0f
Signer

0c:b9:26:35:cb:c7:6c:a5:a0:14:75:67:fc:27:fd:85:66:a0:21:ac
Signer

.text
Size: 5.2MB - Virtual size: 5.2MB

.rsrc
Size: 109KB - Virtual size: 109KB

.reloc
Size: 512B - Virtual size: 12B