dcrat | bf24fe1b77b7fe6f408524101e8df81d6c138f40f92fd43701b6ac53198720e3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bf24fe1b77b7fe6f408524101e8df81d6c138f40f92fd43701b6ac53198720e3
Size

995KB
MD5

d4d2894b605d77e9f558e16620903496
SHA1

683e8dbe1ed7326ea4072160392205db27bc658d
SHA256

bf24fe1b77b7fe6f408524101e8df81d6c138f40f92fd43701b6ac53198720e3
SHA512

c0f1adfc9d98a2d4e979c7fa226888ecd0004f2665c2e4f924044d445c174c2e10872ebbf3fc0939b3fd0ed1bcea5d407ef04d3d9f9371a7b66ad0c5e2619320
SSDEEP

24576:0xN+/jWjJ9bzsh3vVWyzziCIGVrplhM/3s:w0YzqdLr3

Score

10^/10

rat dcrat

Malware Config

Signatures

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

resource	yara_rule
sample	dcrat

Dcrat family
dcrat

Files

bf24fe1b77b7fe6f408524101e8df81d6c138f40f92fd43701b6ac53198720e3
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 993KB - Virtual size: 992KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 796B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ