dcrat | 5f8c9693df7c4cd7a96790a86f3728b3f572084b2e52bf93c6f9f1e2ff438a95[.]zip

General

Target

5f8c9693df7c4cd7a96790a86f3728b3f572084b2e52bf93c6f9f1e2ff438a95.zip
Size

170KB
MD5

d05ccd919987e63b5e334e5fa28a4dc3
SHA1

4790fe2864a117a8b48e118c1a120d70dcd292ba
SHA256

3a9470103bc418e35d2d2a6dd529a6ed86efdbb5b9cf9829470e0c34dc83745c
SHA512

2bcd660f101a11770b07d1a968372f759149ec46ccde76174ca7ac8ec8303708715477a65259e9fc09ec158c495df384ec20a9b5d6cbf56dfa3e87e00b9444c2
SSDEEP

3072:eXU6EtMR4bGxYF5Gyh4U9EzLi0um8oFAQDgeov0Vjb72gApoavd+bR:eWBGxYF5Gyh4NzLixRnQ0eovQbdApo22

Score

10^/10

rat dcrat

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

resource	yara_rule
static1/unpack001/5f8c9693df7c4cd7a96790a86f3728b3f572084b2e52bf93c6f9f1e2ff438a95.exe	dcrat

5f8c9693df7c4cd7a96790a86f3728b3f572084b2e52bf93c6f9f1e2ff438a95.zip
.zip

Password: infected
5f8c9693df7c4cd7a96790a86f3728b3f572084b2e52bf93c6f9f1e2ff438a95.exe
.exe windows x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 380KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 796B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ