dcrat | be93a7d4d78a9bfdb86d0c3047b7f225[.]exe | Triage

Sharing

General

Target

be93a7d4d78a9bfdb86d0c3047b7f225.exe
Size

2.2MB
MD5

be93a7d4d78a9bfdb86d0c3047b7f225
SHA1

44c883b77e6b62c58284e4badb72115f1f111e09
SHA256

d6787a761421f015a897b65457efea42784cffcebaa5710fd8c978a99e597452
SHA512

253dd2bf9325ec164f0a3bba4e06727784e1c0b01df095647f1fabd40d48fb8bb53e4f5722fbbdb17ef2361f3866e67326eb85ae4f9afd2f0ecaa8f1c31251c9
SSDEEP

49152:7sKDcDsrLs2U+oOHh+vCyVVsyV5LyQTXmlbI80L2HMNQ+bDp:7QaU5OB0CyAyV5LvT2lbIT2HMuED

Score

10^/10

rat dcrat

Malware Config

Signatures

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

resource	yara_rule
sample	dcrat

Dcrat family
dcrat

Files

be93a7d4d78a9bfdb86d0c3047b7f225.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 796B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ