dcrat | 1455c4a22357a2c3e5a689c0d37e0580[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1455c4a22357a2c3e5a689c0d37e0580.bin
Size

220KB
MD5

1ea90703aaaa74a25eda2169e162f257
SHA1

142db044d7caae1847c0731533c5d6dc4312fe81
SHA256

4ec75161250b5f3c3ebfa1b9614fe92b618fd4f6b37d3887b4ce1047204df731
SHA512

b988f644be1092090f5b5da94d3617900b1834c640369eacf7f30b45d3fb3d4088d37929c1a041aa0c6aa018b0d3527a1afe97d2fa96fd535b83eab21819577a
SSDEEP

6144:dSm31vi+UveBGkocbKm2K2CJ+wknY+rb+:dp5ZC8ycJ2HhwGLb+

Score

10^/10

rat dcrat

Malware Config

Signatures

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

resource	yara_rule
static1/unpack001/2ddc6af74674611a9cf929698260f5002f6910c6b6742df6de59279d83c6def0.exe	dcrat

Dcrat family
dcrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/2ddc6af74674611a9cf929698260f5002f6910c6b6742df6de59279d83c6def0.exe

Files

1455c4a22357a2c3e5a689c0d37e0580.bin
.zip

Password: infected
2ddc6af74674611a9cf929698260f5002f6910c6b6742df6de59279d83c6def0.exe
.exe windows x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 486KB - Virtual size: 486KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 796B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ