dcrat | 6a4ce23b9caf0d61f61ac818e313a6a4[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6a4ce23b9caf0d61f61ac818e313a6a4.exe
Size

630KB
MD5

6a4ce23b9caf0d61f61ac818e313a6a4
SHA1

4e68e3b507db07e8db8d67f213622707a3a1b788
SHA256

b28a239f14e0ca05ad8fae15b915dd1c7f0ae7b31ca18594d967821bd168e681
SHA512

4078581b4f8bea7e8d55fbb354e6ca462baaba6dd2bd53dba36aa95f5b9a2d64b3a91dc4073d5561d7aab4d5a7b8c50466d9aaed794405ef9fcec0e9e3bb6827
SSDEEP

12288:dqNE5mADX9lhYWEzN45SE9tQDSnTJ0jOOqAX5QjwTZxx:dqNObEzN4b95ASI5QjWv

Score

10^/10

rat dcrat

Malware Config

Signatures

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

resource	yara_rule
sample	dcrat

Dcrat family
dcrat

Files

6a4ce23b9caf0d61f61ac818e313a6a4.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 628KB - Virtual size: 627KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 796B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ