Behavioral task
behavioral1
Sample
b9e095f562426c71ebc8e5846168e048d3ff0ba58a027165130358abe0f63d43.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
b9e095f562426c71ebc8e5846168e048d3ff0ba58a027165130358abe0f63d43.exe
Resource
win10v2004-20230703-en
General
-
Target
11212852782.zip
-
Size
354KB
-
MD5
2bd2319a0e7f6694f9068be676d7ef2a
-
SHA1
cff07b9d3212ca6a042ba0abe1707dadf7dcd3a5
-
SHA256
0d1c66e43e9e29de1017fc28aad0912f2d14d2b94ed6ff516cb53e932a7bdf1c
-
SHA512
44fc7161b18f18b16a32afb5ac5f8b5a28ea61204be935fad42f8dd2db7074f6a1a4e36d2f69820750ed0575b1cd012229c938869d265e9b4ed9280642404b1c
-
SSDEEP
6144:5MLgFViyR+MJx7BOsHbjkBtmK8fFuc7x0zDBPJRo/EpPDTPeymdC5uIz9DGQSw2k:5a47BOsfkBtmKnzDt18O9R7sDYN
Malware Config
Signatures
-
resource yara_rule static1/unpack001/b9e095f562426c71ebc8e5846168e048d3ff0ba58a027165130358abe0f63d43 dcrat -
Dcrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/b9e095f562426c71ebc8e5846168e048d3ff0ba58a027165130358abe0f63d43
Files
-
11212852782.zip.zip
Password: infected
-
b9e095f562426c71ebc8e5846168e048d3ff0ba58a027165130358abe0f63d43.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 774KB - Virtual size: 773KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 796B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ