dcrat | 04ac3994fdb094e25be02ebf3accf42e[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

04ac3994fdb094e25be02ebf3accf42e.bin
Size

1011KB
MD5

52bb94d14b615bccda2fd23bd7d6b3ae
SHA1

b3f7f4a1845e3ddf171d3b9586b26f147238f303
SHA256

0ebcd7007e8ce0622b07c4ec0fbc30b8f34632757ec7d7c5dd2d431adaca1459
SHA512

c903a331b640009f7f442070203d0fe944d929cd5d92d09e7256d9842cbe8eed89df29bab35399efb0116b2cbad8e5cfb493e701a64f342391f963d809160d41
SSDEEP

24576:iUywNziPO6fxX+YHLzl0UhQ9U0NqJok5enzx/dO:3yAT6fxuML+3iecHInz1dO

Score

10^/10

rat dcrat

Malware Config

Signatures

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

resource	yara_rule
static1/unpack001/4e1742205a1c552dc1978d9b2bd12354ca58095c3c5588539383555f406b9504.exe	dcrat

Dcrat family
dcrat

Files

04ac3994fdb094e25be02ebf3accf42e.bin
.zip

Password: infected
4e1742205a1c552dc1978d9b2bd12354ca58095c3c5588539383555f406b9504.exe
.exe windows x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 820B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ