dcrat | 30fb1e6f54d2d81cd464b46419bf35ef[.]bin | Triage

Sharing

General

Target

30fb1e6f54d2d81cd464b46419bf35ef.bin
Size

807KB
MD5

554638fe624ee57b19a3ba17540624b1
SHA1

d4bf7ab0b88a44c02eb3e17fd9e63c4079ffa8c0
SHA256

1d6755e6fb1b03b615293d25ad8b49caec12d1be68942b65a1f0d393628ba8e5
SHA512

7d80aa1e3aef42e25c0ee534e2484727a338e953308ab79e968b10541ca1d80d805d05c7d0d88eefca11a9a4d2a9c85b19d8141f066e953e7d78d748367ee89e
SSDEEP

24576:Ol5Tf3Cr2EtHZamXoX3+hBSPWX2ADdNu0aIJdg:CLYtHV4X6APWX5nC6dg

Score

10^/10

rat dcrat

Malware Config

Signatures

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

resource	yara_rule
static1/unpack001/667774c9b0aa4bfeb3932e3702636520e50dbf291252614a30bd9d2be0dd0b70.exe	dcrat

Dcrat family
dcrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/667774c9b0aa4bfeb3932e3702636520e50dbf291252614a30bd9d2be0dd0b70.exe

Files

30fb1e6f54d2d81cd464b46419bf35ef.bin
.zip

Password: infected
667774c9b0aa4bfeb3932e3702636520e50dbf291252614a30bd9d2be0dd0b70.exe
.exe windows x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ