dcrat | 05360099[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

05360099.exe
Size

1.5MB
MD5

04c24bd4ef93a9cc5db8755737bbc818
SHA1

35c845775b4ad1bd656335f629cf9ded7d4164d6
SHA256

2be3c75848de100a4a80d0871eaf977fd1efcbf46a91bebd722a42a10ec358cb
SHA512

ec9d25cdacb94ce631f7b89f37a592f65b7f611e1591b9fb0913b55c51723af15e0e83ceef535fb3abdd6b070797703e636f3a0a5c498f083e9239675c7f9a36
SSDEEP

24576:DIEba4hSpQuZz7mpyvjrc/EDkSC6usgq/uRUC/pryG4CNgd1UeIJQVF5cFhRgtqP:DIs+pQ0jQCkDxgjzzXogtq

Score

10^/10

rat dcrat

Malware Config

Signatures

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

resource	yara_rule
sample	dcrat

Dcrat family
dcrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
05360099.exe

Files

05360099.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ