dcrat | 2b7f820ad4b5f7518071bd730ac2e655[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2b7f820ad4b5f7518071bd730ac2e655.bin
Size

2.1MB
MD5

bea3a00514283f8ec8bdd341146c1dc4
SHA1

69b16883cdece85ebee6abac7a53134019dbc2d6
SHA256

21aa084a00f2294200341159c53c6fd6d91e72bccc23a0935275e7a1d9dcd220
SHA512

89ace58a716ee040915ff37bce1f2d331741f230e9211b42e697d042f862dd5a223637fc8a31c478f32b1809c00316917c9899522eb49d2598b3cc8e5ebc060f
SSDEEP

49152:PGcYMNSjqpMvcKddDhAu7WO5CPiivGD+4Yh9hm96dJlR/w6TP:Pr8qpMfzAu7WO5CPVvGDshm96dJlR/nL

Score

10^/10

rat dcrat

Malware Config

Signatures

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

resource	yara_rule
static1/unpack001/fc402b8bbe328bc15da197b4f57b67d6fb74530553eb7f6fb2d1aa3d1af64fb6.exe	dcrat

Dcrat family
dcrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/fc402b8bbe328bc15da197b4f57b67d6fb74530553eb7f6fb2d1aa3d1af64fb6.exe

Files

2b7f820ad4b5f7518071bd730ac2e655.bin
.zip

Password: infected
fc402b8bbe328bc15da197b4f57b67d6fb74530553eb7f6fb2d1aa3d1af64fb6.exe
.exe windows x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ