DCRat[.]rar | Triage

Resubmissions

11-03-2024 15:16

240311-snpw1aea3y 3

11-03-2024 15:15

240311-smwyxsaa63 7

Sharing

Copy URL

Twitter E-mail

General

Target

DCRat.rar
Size

12.4MB
MD5

c2ace8ac6e4acba9a5a4bf20b11f5c1a
SHA1

57b90e157ef47c3f9bc637e388859d0136f22c1f
SHA256

b6d61b7a6991292dc41fe5e9797f54b3397a2663a154183e9adfeb1999db66b7
SHA512

a0c3fbbc5bc9e2c075181031772550fb062b5e2876ad10d61edd279c74762758f3571ef00996c76f883ef5ac1db325260fa9a96fb21731459489cbaa3955f596
SSDEEP

393216:jnc27JVRyjWlN+8RxF3onWkeQ9kcksum6xckXudbe5PX:jnc4JbyPcxly9e8DLWvw65PX

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/DCRat/DCRat.exe
unpack001/DCRat/dcrat_updservice.exe
unpack001/DCRat/plugins/TestDCLIB/file.dclib

Files

DCRat.rar
.rar

Password: onion
DCRat/Bypass_license.bat
DCRat/DCRat.exe
.exe windows:1 windows x86 arch:x86

Password: onion

140094f13383e9ae168c4b35b6af3356

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateThread
ExitProcess
GetComputerNameA
GetModuleFileNameA
GetModuleHandleW
GetProcAddress
SetErrorMode
Sleep
VirtualAllocExNuma

shlwapi

PathFindFileNameA

msvcrt

malloc
free
memset
strcmp
_strcmpi
strcpy

Sections

.text
Size: 10.1MB - Virtual size: 10.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 508B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
DCRat/Notify.wav
DCRat/dcrat_updservice.exe
.exe windows:4 windows x86 arch:x86

Password: onion

6011984d7c1f1b97a34d7517a498bff8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA

kernel32

CloseHandle
CreateMutexA
CreateProcessA
ExitProcess
FindResourceExA
FormatMessageA
GetCommandLineA
GetCurrentDirectoryA
GetCurrentProcess
GetEnvironmentVariableA
GetExitCodeProcess
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GlobalMemoryStatusEx
LoadResource
LocalFree
LockResource
SetEnvironmentVariableA
SetLastError
SetUnhandledExceptionFilter
WaitForSingleObject

msvcrt

__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_chdir
_close
_findclose
_findfirst
_findnext
_iob
_itoa
_onexit
_open
_read
_setmode
_stat
atexit
atoi
fclose
fopen
fprintf
fwrite
memset
printf
puts
signal
strcat
strchr
strcmp
strcpy
strlen
strncat
strncpy
strpbrk
strrchr
strstr
strtok

shell32

ShellExecuteA

user32

CreateWindowExA
DispatchMessageA
EnumWindows
FindWindowExA
GetMessageA
GetSystemMetrics
GetWindowLongA
GetWindowRect
GetWindowTextA
GetWindowThreadProcessId
KillTimer
LoadImageA
MessageBoxA
PostQuitMessage
SendMessageA
SetForegroundWindow
SetTimer
SetWindowPos
ShowWindow
TranslateMessage
UpdateWindow

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 35KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
DCRat/design/DeleteAll_legacy.json
DCRat/design/PluginsLoader_legacy.json
DCRat/plugins/TestDCLIB.plg
DCRat/plugins/TestDCLIB/configuration.json
DCRat/plugins/TestDCLIB/fav.png
.png

Password: onion
DCRat/plugins/TestDCLIB/file.dclib
.dll windows:4 windows x86 arch:x86

Password: onion

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Users\Денис\Desktop\DCLIB-master\obj\Debug\DCLIB.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DCRat/plugins/TestDefault.plg
DCRat/plugins/TestDefault/configuration.json
DCRat/plugins/TestDefault/fav.png
.png

Password: onion
DCRat/plugins/TestDefault/file.vbs
DCRat/updatelauncher.bat

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: onion

Password: onion

140094f13383e9ae168c4b35b6af3356

Headers

File Characteristics

Imports

kernel32

shlwapi

msvcrt

Sections

.text Size: 10.1MB - Virtual size: 10.1MB

.idata Size: 512B - Virtual size: 508B

.rsrc Size: 42KB - Virtual size: 41KB

Password: onion

6011984d7c1f1b97a34d7517a498bff8

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

shell32

user32

Sections

.text Size: 24KB - Virtual size: 24KB

.data Size: 512B - Virtual size: 64B

.rdata Size: 1KB - Virtual size: 1KB

.bss Size: - Virtual size: 35KB

.idata Size: 3KB - Virtual size: 2KB

.rsrc Size: 58KB - Virtual size: 58KB

Password: onion

Password: onion

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 4KB - Virtual size: 3KB

.rsrc Size: 1024B - Virtual size: 856B

.reloc Size: 512B - Virtual size: 12B

Password: onion

.text
Size: 10.1MB - Virtual size: 10.1MB

.idata
Size: 512B - Virtual size: 508B

.rsrc
Size: 42KB - Virtual size: 41KB

.text
Size: 24KB - Virtual size: 24KB

.data
Size: 512B - Virtual size: 64B

.rdata
Size: 1KB - Virtual size: 1KB

.bss
Size: - Virtual size: 35KB

.idata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 58KB - Virtual size: 58KB

.text
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 1024B - Virtual size: 856B

.reloc
Size: 512B - Virtual size: 12B