dcrat | c2d54497758a4d5d1ad33c2860d64dd9[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c2d54497758a4d5d1ad33c2860d64dd9.exe
Size

240KB
MD5

37e0912da1d30110cdbf1d53924bf977
SHA1

993ca1ba661482dac3e17de20eb7019ec3bf56af
SHA256

6fca9d7be16c2ce75b30ec79da0a5f5af333d3732fe0f45ff0d21c9f426451b6
SHA512

6627025edf5436f3ae3ecd3d105e766dafdc90613b4d21b0b614e1dd20f8002f10908fca72fe91ff6ddf1672ea49e3e883aa90af95cb74d1025c0c3d142b7958
SSDEEP

3072:b+gBfljFF0ppDwjVHaF+nfUFZCJL9DaI1pvULfDu7WlDpm58NMV:qclcpGaUnzJV0XE58NMV

Score

10^/10

rat dcrat

Malware Config

Signatures

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

resource	yara_rule
sample	dcrat

Dcrat family
dcrat

Files

c2d54497758a4d5d1ad33c2860d64dd9.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 796B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ