zgrat | Beta_0[.]6[.]exe | Triage

Sharing

General

Target

Beta_0.6.exe
Size

2.1MB
MD5

c3ce5141cd6793d20a56d323acaa6723
SHA1

8859b8cea7f5cbef73ddbc8e9070d85ce57b04ec
SHA256

e522f402bd19d48588dfe55c5178f82d4f3e365817fdd3a30de52c09926ff81e
SHA512

a1ea620babd76f54cb6577b405f16ecac1c4d9df79c18b9e3654a8c3fb7902305f85800e44b0ec867da8c5847588276149e5989391da224c0106ccc597f28e43
SSDEEP

49152:31tVLt+HCyVkdgiikpTRKi5hYK2Be/zjc9QPirSqQp/FelB:31nL8Pkr1Km2BcM6PiGdN

Score

10^/10

zgrat

Malware Config

Signatures

Detect ZGRat V2 1 IoCs

Processes:

resource yara_rule

sample family_zgrat_v2
Zgrat family
zgrat
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

Beta_0.6.exe

Files

Beta_0.6.exe
.exe windows:4 windows x64 arch:x64

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ