asyncrat | DcRat[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

DcRat.exe
Size

10.2MB
MD5

0a1c34d04e1a8659462ee2be3681013c
SHA1

02aa8ef034c38b042ea4e0de031559fa6e1ddfb1
SHA256

3e5b2f7b0b3f73ced2e5aef3f1828f46aaf450cd3da9e30fb7bdef54bcd87902
SHA512

e81a242fbf92077d6a4699f232cb0f2dce3487c110d494efcbe60d99ef1e355358aa20d916a14cc2ff6dc544df66061728533b75ca6875ac510935011128bdd2
SSDEEP

196608:y9/xsOFCNtG22XsNNNNdAvN8rNNNNNVO7aIXM1B7Z0/qW:4RCNtG227T81Bd+q

Score

10^/10

rat asyncrat

Malware Config

Signatures

Async RAT payload 1 IoCs

resource	yara_rule
sample	asyncrat

Asyncrat family
asyncrat

Files

DcRat.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 10.1MB - Virtual size: 10.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ