dcrat | 12312de68052a05888a9cf9d804cec6c[.]exe | Triage

Sharing

General

Target

12312de68052a05888a9cf9d804cec6c.exe
Size

2.6MB
MD5

12312de68052a05888a9cf9d804cec6c
SHA1

ddae2aaadb5b462c95a768d15b9cbb8ddc97571f
SHA256

561c42758fa04340f8d121384f586adfe1a032e1dcdf7580e5047a7e7dc42e8c
SHA512

02f0c91703a50c57f7ab24b05676933d8ce102a0da608a610b6fb066dffed1a32affe6dcdccb9aeb79c1714b134ada7b2c2a9219f8d3d6ed2cf13b4fa8348630
SSDEEP

49152:XpTn80rAHkSrvT7yEBpojAGw3fo+5D0gRbfGNW8UlbSpDCP2XF:XZpktrvTOqp2Nw3L0gRbfGI8sepeu1

Score

10^/10

rat dcrat

Malware Config

Signatures

DCRat payload 1 IoCs
Detects payload of DCRat, commonly dropped by NSIS installers.
rat

Processes:

resource yara_rule

sample dcrat
Dcrat family
dcrat

Files

12312de68052a05888a9cf9d804cec6c.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ