dcrat | 33dbb523c14738bf48d314111c00906c[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

33dbb523c14738bf48d314111c00906c.bin
Size

909KB
MD5

8b1e0eccd637c7f895622d9199dd27fa
SHA1

ae75112bdb39ba10579f28330ff2ba45a6f7b161
SHA256

64b6f278242143c46880e92a0659468ae2bc4d43398adf222ce7e32a82e68def
SHA512

0363cb5ee1e0b4e90d28280e5a80a9a91b3e317772a46cb8a10b0021737b1b5c9fa6cd3bdb311134db0f2055e1866a06b583459b588b7e44cb42ed9319da12f1
SSDEEP

24576:N1ptcJfJpqXB4YRzCiUc3/ERR+U8d3yBl1R0QWi2lq+:zXaJo6YVCtcPED8GGQXk

Score

10^/10

rat dcrat

Malware Config

Signatures

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

resource	yara_rule
static1/unpack001/af625576485e2091fbfa4568c3a3c546bd2a8f470cb69afa09f6bcf0ebac1d1e.exe	dcrat

Dcrat family
dcrat

Files

33dbb523c14738bf48d314111c00906c.bin
.zip

Password: infected
af625576485e2091fbfa4568c3a3c546bd2a8f470cb69afa09f6bcf0ebac1d1e.exe
.exe windows x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 796B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ