dcrat | 09372e53e731f7544ff19d0731dfb19d[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

09372e53e731f7544ff19d0731dfb19d.exe
Size

2.8MB
MD5

09372e53e731f7544ff19d0731dfb19d
SHA1

84fc473b7e570afe9b0bfc650d470ad9960d76c9
SHA256

1b3e3d5928c895b67e6e5c0fd52f42c3c88cccb79ee6fc4e8f667fe52f4048e7
SHA512

f0bac6cd5a7a0b8eef0495e28161656f60775bda3fb0f5996993625dfa2303667a218a46256a6417ee8c96d868794ae07a84cc0cc26f13a37c5a01670e6cb2cd
SSDEEP

49152:mKMSgDJ61Pk4HCqx2xUKVNzYb5xEJEDqVBQJqg9V7Eol1f2ILY7HFGK5vo8Mxx/i:mxSGgx2GYNz8LkpJgjQonLY7HFn5vojo

Score

10^/10

rat dcrat

Malware Config

Signatures

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

resource	yara_rule
sample	dcrat

Dcrat family
dcrat

Files

09372e53e731f7544ff19d0731dfb19d.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ