dcrat | b4b2022e0cbd64a081bfca68bfce9abf[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b4b2022e0cbd64a081bfca68bfce9abf.bin
Size

3.0MB
MD5

b4b2022e0cbd64a081bfca68bfce9abf
SHA1

4f09525dac9c40e96983c5a7d155ea8cad2d1aba
SHA256

a9d8ad22f5c9cf61f4c1bde58b055d7a3d8480e86090185208ab961ede56b375
SHA512

8556796d61e6e3de7b5e6c3a6047c692f8fc85ee88e8e573cdaab9e42d6f8bc6ec5fcb974b176447dc17501207e1fe0cc5f678c95929172eca1d37e5e8c9abfc
SSDEEP

49152:5hAxGECJpQ5cq3NzQPHFE17rBxnw/WWUwsoU8Z6jprg14sNpu7hhFgk6K0gjlJ:PARCTQcq3OPHFEdBNGU78UdrgXehhykH

Score

10^/10

rat dcrat

Malware Config

Signatures

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

resource	yara_rule
sample	dcrat

Dcrat family
dcrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b4b2022e0cbd64a081bfca68bfce9abf.bin

Files

b4b2022e0cbd64a081bfca68bfce9abf.bin
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ