dcrat | libcrypto[.]exe | Triage

Sharing

General

Target

libcrypto.exe
Size

317KB
MD5

61ee39f5537e65720ec629a593809c02
SHA1

a3ce1a9970fdb69c5f4bde0ffa49ca4cbd0c69bd
SHA256

8bed0227175fdad5e7f3c17003af481764230711f774b10af6b55d1ab58b25ec
SHA512

2e3c1ae897060820b0d5734c2c74740c22f4d45426fd51917a37cef652917ad12efdda7f3f9352e983f6f029a0d739317630928b82f247d1bbb00685ce97f284
SSDEEP

6144:H3yyN3U5XMNNWmfb7DyiUwCyJvjmk65mLRFe+i5SHbrVwCqy:HnNE5XM/j7DFJvAmLRFQ5S/R

Score

10^/10

rat dcrat

Malware Config

Signatures

DCRat payload 1 IoCs
Detects payload of DCRat, commonly dropped by NSIS installers.
rat

Processes:

resource yara_rule

sample dcrat
Dcrat family
dcrat

Files

libcrypto.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 315KB - Virtual size: 315KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 796B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ