dcrat | ContainerBrowserPerf[.]bin | Triage

Resubmissions

18/09/2023, 09:09

230918-k4j2paaf93 10

18/09/2023, 08:55

230918-kvxw7agc4s 10

Sharing

Copy URL Twitter E-mail

General

Target

ContainerBrowserPerf.bin
Size

3.6MB
MD5

5e700bacded09b6f83171fab900274fd
SHA1

d8aadcad81d74b79f6b6dc443ae8571e4169d7d7
SHA256

78838bb64ddb274d7e0dfa3246e17112fcf591e1dc2309c08429f860710432b8
SHA512

7bbff00dd6e855de6d25700516c5aa98abfe62147d91e545d54e7d91777486571eb16a93c957b8937ca61f3b2fa1776f1e4b61bce341c2b877c8f134473ead91
SSDEEP

98304:12lLygS6TwbSY+1gGjuAjQ225lw46kslvI:1CLyh/x+1g3225e46tv

Score

10^/10

rat dcrat

Malware Config

Signatures

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

resource	yara_rule
sample	dcrat

Dcrat family
dcrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ContainerBrowserPerf.bin

Files

ContainerBrowserPerf.bin
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ