dcrat | 8B1FDB4C610D81DEA7EA4AC940716E4BFCAB7461DC6F4[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8B1FDB4C610D81DEA7EA4AC940716E4BFCAB7461DC6F4.exe
Size

799KB
MD5

a14490d946919f2a4b9c66f5bd8178f8
SHA1

d0d8e147937154f4f46aa4aefe8450aef0d1642e
SHA256

8b1fdb4c610d81dea7ea4ac940716e4bfcab7461dc6f426512f3fb65167db86c
SHA512

5553dc02e741874781ddcfeebe429e8bbcb9d1eb05443e541d5ea308ea424a42096db6acc4f2f1f321cc11143842337bc9e898bc83f0b159833d872103756d36
SSDEEP

12288:FoNE5V/W9h7dHQ4PHRSd5c9kVklPFQryMbhT9LZjEMX0GbfvGjCnYZx:FoNbagHR0zhzTGm4

Score

10^/10

rat dcrat

Malware Config

Signatures

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

resource	yara_rule
sample	dcrat

Dcrat family
dcrat

Files

8B1FDB4C610D81DEA7EA4AC940716E4BFCAB7461DC6F4.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 797KB - Virtual size: 796KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 796B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ