dcrat | 333413d3a10dbf3bf121d1ab4b866346[.]bin | Triage

Sharing

General

Target

333413d3a10dbf3bf121d1ab4b866346.bin
Size

1.9MB
MD5

231b8a3808e8e65a002cd3d02204be61
SHA1

0dcbf30fde2d2b34868c628491342bd04b1a09cf
SHA256

e472d4ac46025c6c8b5e0a745cbde67adc25f8297732b8d432ef7b63c219c2b2
SHA512

dee454a7648f78249850689f6eb1f9e8f4d32a99d1d7b37dc46791f7d4d28cfe72dc487b5c57cb01c353bcee40d9c24b4ca32da418dc215d0407f0a9078be14d
SSDEEP

24576:3dC0RIkA2GOwsspeW29stBYj2p3OXgYG7M9hZ6n76aTGj8T9mbOEOdEO9EvCKwO/:hkOebmCwo7WZ6Way89IOdEAGlPzIszD

Score

10^/10

rat dcrat

Malware Config

Signatures

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

resource	yara_rule
static1/unpack001/7ca900970ade7ffa3ce2cfb9e45f90575e361053749dc0cc3406bd2bebaff842.exe	dcrat

Dcrat family
dcrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/7ca900970ade7ffa3ce2cfb9e45f90575e361053749dc0cc3406bd2bebaff842.exe

Files

333413d3a10dbf3bf121d1ab4b866346.bin
.zip

Password: infected
7ca900970ade7ffa3ce2cfb9e45f90575e361053749dc0cc3406bd2bebaff842.exe
.exe windows x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ