dcrat | 573241336c4b94a72fbce6aaa484a30e[.]bin | Triage

Sharing

General

Target

573241336c4b94a72fbce6aaa484a30e.bin
Size

432KB
MD5

4d0ee6ad574e4c4ab6569fa68830fda0
SHA1

5ebac3b47246a5b7a27beaabab406e3f49bd09fb
SHA256

92ef987a883cb49e91cb7c09770dae94aaa6fc5fe490f89d3863fa9184c5680d
SHA512

eecf91893c8ca691be5a3d13df69bf13fa622071b63bde42d2caf66f357c0910d77676b200ccd6ca6881610ad376958f0c58b60a2cda6edfd90576e5ad34f6b4
SSDEEP

6144:QY8AhUCZT9lCHFhmPu8iKUb6qdPYy+4eseqqzfg8Q0abhi6UFoRG2Mq:r8AhUCblKHmHMbzdtLQj3QVl7VMq

Score

10^/10

rat dcrat

Malware Config

Signatures

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

resource	yara_rule
static1/unpack001/2ce7891884274f9749df0faf46bca81cb0bb8e120ef5367053689c7438ea54dc.exe	dcrat

Dcrat family
dcrat

Files

573241336c4b94a72fbce6aaa484a30e.bin
.zip

Password: infected
2ce7891884274f9749df0faf46bca81cb0bb8e120ef5367053689c7438ea54dc.exe
.exe windows x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 950KB - Virtual size: 949KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ