asyncrat | DcRat[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

DcRat.rar
Size

27.3MB
MD5

c4771ae2b7778b56f169574ada082910
SHA1

3407b19586e41697c4551bbbc7bcdd0c974469b7
SHA256

b85e65d5dc5faba2dece7ed261ab12d22529b348ec46cf17e5a7060119abc5ab
SHA512

fb3e3abc8ef6a39ac8a34b950d9b3c085db5ce4270edb71d0a91dba4e7d77628aad26c5cd398c58587e6e216cdaf1f19e54355c1b2a862a63b1cb119c5df7042
SSDEEP

786432:Uv/J72CraLc5UukadBFp1FnGWVdDLfAJOycULkM4/JSQ:Uv/7r02QSxvDLfAgylk9

Score

10^/10

rat default asyncrat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

127.0.0.1:8848

Mutex

DcRatMutex_qwqdanchun

Attributes

delay
1
install
true
install_file
GLP_installer_1000218456_market.exe
install_folder
%AppData%

aes.plain

Signatures

Async RAT payload 2 IoCs

rat

resource	yara_rule
static1/unpack001/DcRat/GLP_installer_1000218456_market.exe	family_asyncrat
static1/unpack001/DcRat/Stub/Client.exe	family_asyncrat

Asyncrat family
asyncrat

Contains code to disable Windows Defender 1 IoCs

A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

resource	yara_rule
static1/unpack001/DcRat/Plugins/Extra.dll	disable_win_def

Unsigned PE 23 IoCs

Checks for missing Authenticode signature.

resource
unpack001/DcRat/DcRat.exe
unpack001/DcRat/GLP_installer_1000218456_market.exe
unpack001/DcRat/Plugins/Audio.dll
unpack001/DcRat/Plugins/Chat.dll
unpack001/DcRat/Plugins/Extra.dll
unpack001/DcRat/Plugins/FileManager.dll
unpack001/DcRat/Plugins/FileSearcher.dll
unpack001/DcRat/Plugins/Fun.dll
unpack001/DcRat/Plugins/Information.dll
unpack001/DcRat/Plugins/Keylogger.exe
unpack001/DcRat/Plugins/Logger.dll
unpack001/DcRat/Plugins/Miscellaneous.dll
unpack001/DcRat/Plugins/Netstat.dll
unpack001/DcRat/Plugins/Options.dll
unpack001/DcRat/Plugins/ProcessManager.dll
unpack001/DcRat/Plugins/Ransomware.dll
unpack001/DcRat/Plugins/Recovery.dll
unpack001/DcRat/Plugins/Regedit.dll
unpack001/DcRat/Plugins/RemoteCamera.dll
unpack001/DcRat/Plugins/RemoteDesktop.dll
unpack001/DcRat/Plugins/SendFile.dll
unpack001/DcRat/Plugins/SendMemory.dll
unpack001/DcRat/Stub/Client.exe

Files

DcRat.rar
.rar
DcRat/BackupCertificate.zip
.zip
ServerCertificate.p12
DcRat/ClientsFolder/056C7B3A21B336818E4C/SerialNumber.xml
.xml
DcRat/ClientsFolder/44A14F19F6C39E8AE422/CMAW1696.JPEG
.jpg
DcRat/ClientsFolder/44A14F19F6C39E8AE422/IMG_E7477.JPG
.jpg
DcRat/ClientsFolder/4C4AC6F1890F2E86788E/2022_08_18_19_32_IMG_2997.JPG
.jpg
DcRat/ClientsFolder/4C4AC6F1890F2E86788E/AUD000.WAV
DcRat/ClientsFolder/4C4AC6F1890F2E86788E/PIC009.JPG
.jpg
DcRat/ClientsFolder/4C4AC6F1890F2E86788E/REC004.AVI
DcRat/ClientsFolder/4C4AC6F1890F2E86788E/REC010.AVI
DcRat/ClientsFolder/4C4AC6F1890F2E86788E/REC017.AVI
DcRat/ClientsFolder/4C4AC6F1890F2E86788E/messages.csv
DcRat/ClientsFolder/57728AF005F4629316ED/Camera/IMG_04-15-2023 17;25;58.jpeg
.jpg
DcRat/ClientsFolder/57728AF005F4629316ED/Camera/IMG_04-15-2023 17;26;00.jpeg
.jpg
DcRat/ClientsFolder/57728AF005F4629316ED/Camera/IMG_04-15-2023 17;26;02.jpeg
.jpg
DcRat/ClientsFolder/57728AF005F4629316ED/Camera/IMG_04-15-2023 17;26;03.jpeg
.jpg
DcRat/ClientsFolder/57728AF005F4629316ED/Camera/IMG_04-15-2023 17;29;17.jpeg
.jpg
DcRat/ClientsFolder/57728AF005F4629316ED/Camera/IMG_04-15-2023 17;29;19.jpeg
.jpg
DcRat/ClientsFolder/57728AF005F4629316ED/Camera/IMG_04-15-2023 17;29;21.jpeg
.jpg
DcRat/ClientsFolder/57728AF005F4629316ED/Camera/IMG_04-15-2023 17;29;22.jpeg
.jpg
DcRat/ClientsFolder/57728AF005F4629316ED/Camera/IMG_04-15-2023 17;29;23.jpeg
.jpg
DcRat/ClientsFolder/57728AF005F4629316ED/Camera/IMG_04-15-2023 17;29;24.jpeg
.jpg
DcRat/ClientsFolder/57728AF005F4629316ED/Camera/IMG_04-15-2023 17;29;26.jpeg
.jpg
DcRat/ClientsFolder/57728AF005F4629316ED/Camera/IMG_04-15-2023 17;29;27.jpeg
.jpg
DcRat/ClientsFolder/57728AF005F4629316ED/Camera/IMG_04-15-2023 17;29;29.jpeg
.jpg
DcRat/ClientsFolder/57728AF005F4629316ED/Camera/IMG_04-15-2023 17;29;31.jpeg
.jpg
DcRat/ClientsFolder/57728AF005F4629316ED/Camera/IMG_04-15-2023 17;29;32.jpeg
.jpg
DcRat/ClientsFolder/57728AF005F4629316ED/Camera/IMG_04-15-2023 17;29;34.jpeg
.jpg
DcRat/ClientsFolder/57728AF005F4629316ED/Camera/IMG_04-15-2023 17;29;35.jpeg
.jpg
DcRat/ClientsFolder/57728AF005F4629316ED/Camera/IMG_04-15-2023 17;29;36.jpeg
.jpg
DcRat/ClientsFolder/57728AF005F4629316ED/Camera/IMG_04-15-2023 17;29;39.jpeg
.jpg
DcRat/ClientsFolder/57728AF005F4629316ED/Camera/IMG_04-15-2023 17;31;54.jpeg
.jpg
DcRat/ClientsFolder/57728AF005F4629316ED/Camera/IMG_04-15-2023 17;31;56.jpeg
.jpg
DcRat/ClientsFolder/57728AF005F4629316ED/Camera/IMG_04-15-2023 17;31;58.jpeg
.jpg
DcRat/ClientsFolder/57728AF005F4629316ED/Camera/IMG_04-15-2023 17;32;00.jpeg
.jpg
DcRat/ClientsFolder/57728AF005F4629316ED/Camera/IMG_04-15-2023 17;32;02.jpeg
.jpg
DcRat/ClientsFolder/57728AF005F4629316ED/Camera/IMG_04-15-2023 17;32;04.jpeg
.jpg
DcRat/ClientsFolder/57728AF005F4629316ED/Camera/IMG_04-15-2023 17;32;05.jpeg
.jpg
DcRat/ClientsFolder/57728AF005F4629316ED/Camera/IMG_04-15-2023 17;32;07.jpeg
.jpg
DcRat/ClientsFolder/57728AF005F4629316ED/Camera/IMG_04-15-2023 17;32;09.jpeg
.jpg
DcRat/ClientsFolder/57728AF005F4629316ED/Camera/IMG_04-15-2023 17;32;13.jpeg
.jpg
DcRat/ClientsFolder/57728AF005F4629316ED/Camera/IMG_04-15-2023 17;32;14.jpeg
.jpg
DcRat/ClientsFolder/57728AF005F4629316ED/Camera/IMG_04-15-2023 17;32;15.jpeg
.jpg
DcRat/ClientsFolder/57728AF005F4629316ED/Camera/IMG_04-15-2023 17;32;16.jpeg
.jpg
DcRat/ClientsFolder/57728AF005F4629316ED/Camera/IMG_04-15-2023 17;32;18.jpeg
.jpg
DcRat/ClientsFolder/57728AF005F4629316ED/Camera/IMG_04-15-2023 17;32;20.jpeg
.jpg
DcRat/ClientsFolder/57728AF005F4629316ED/Camera/IMG_04-15-2023 17;32;23.jpeg
.jpg
DcRat/ClientsFolder/57728AF005F4629316ED/Camera/IMG_04-15-2023 17;32;27.jpeg
.jpg
DcRat/ClientsFolder/57728AF005F4629316ED/Camera/IMG_04-15-2023 17;32;29.jpeg
.jpg
DcRat/ClientsFolder/57728AF005F4629316ED/Camera/IMG_04-15-2023 17;32;31.jpeg
.jpg
DcRat/ClientsFolder/57728AF005F4629316ED/Camera/IMG_04-15-2023 17;32;32.jpeg
.jpg
DcRat/ClientsFolder/57728AF005F4629316ED/Camera/IMG_04-15-2023 17;32;34.jpeg
.jpg
DcRat/ClientsFolder/57728AF005F4629316ED/Camera/IMG_04-15-2023 17;32;37.jpeg
.jpg
DcRat/ClientsFolder/57728AF005F4629316ED/Camera/IMG_04-15-2023 17;32;39.jpeg
.jpg
DcRat/ClientsFolder/57728AF005F4629316ED/Camera/IMG_04-15-2023 17;32;41.jpeg
.jpg
DcRat/ClientsFolder/57728AF005F4629316ED/Camera/IMG_04-15-2023 17;32;42.jpeg
.jpg
DcRat/ClientsFolder/57728AF005F4629316ED/Camera/IMG_04-15-2023 17;32;44.jpeg
.jpg
DcRat/ClientsFolder/57728AF005F4629316ED/Camera/IMG_04-15-2023 17;32;46.jpeg
.jpg
DcRat/ClientsFolder/57728AF005F4629316ED/Camera/IMG_04-15-2023 17;32;48.jpeg
.jpg
DcRat/ClientsFolder/57728AF005F4629316ED/Camera/IMG_04-15-2023 17;32;50.jpeg
.jpg
DcRat/ClientsFolder/57728AF005F4629316ED/Camera/IMG_04-15-2023 17;32;54.jpeg
.jpg
DcRat/ClientsFolder/57728AF005F4629316ED/Camera/IMG_04-15-2023 17;32;57.jpeg
.jpg
DcRat/ClientsFolder/EA86CA00B1E7AF51D0DD/Information/Information.txt
DcRat/DcRat.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

PDB Paths

C:\Users\28718\Documents\GitHub\DcRat\Binaries\Release\DcRat.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 12.2MB - Virtual size: 12.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DcRat/DcRat.exe.config
.xml
DcRat/GLP_installer_1000218456_market.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 405KB - Virtual size: 405KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DcRat/Plugins/Audio.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_DLL

PDB Paths

C:\Users\28718\Documents\GitHub\DcRat\Binaries\Release\Plugins\Audio.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 804B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DcRat/Plugins/Chat.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_DLL

PDB Paths

C:\Users\28718\Documents\GitHub\DcRat\Binaries\Release\Plugins\Chat.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 385KB - Virtual size: 384KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 804B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DcRat/Plugins/Extra.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_DLL

PDB Paths

C:\Users\28718\Documents\GitHub\DcRat\Binaries\Release\Plugins\Extra.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 804B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DcRat/Plugins/FileManager.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_DLL

PDB Paths

C:\Users\28718\Documents\GitHub\DcRat\Binaries\Release\Plugins\FileManager.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 684B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DcRat/Plugins/FileSearcher.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_DLL

PDB Paths

C:\Users\28718\Documents\GitHub\DcRat\Binaries\Release\Plugins\FileSearcher.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 275KB - Virtual size: 275KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 836B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DcRat/Plugins/Fun.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_DLL

PDB Paths

C:\Users\28718\Documents\GitHub\DcRat\Binaries\Release\Plugins\Fun.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 836B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DcRat/Plugins/Information.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_DLL

PDB Paths

C:\Users\28718\Documents\GitHub\DcRat\Binaries\Release\Plugins\Information.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 828B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DcRat/Plugins/Keylogger.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

PDB Paths

C:\Users\28718\Documents\GitHub\DcRat\Binaries\Release\Plugins\Keylogger.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DcRat/Plugins/Logger.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_DLL

PDB Paths

C:\Users\28718\Documents\GitHub\DcRat\Binaries\Release\Plugins\Logger.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 812B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DcRat/Plugins/Miscellaneous.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_DLL

PDB Paths

C:\Users\28718\Documents\GitHub\DcRat\Binaries\Release\Plugins\Miscellaneous.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 692B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DcRat/Plugins/Netstat.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_DLL

PDB Paths

C:\Users\28718\Documents\GitHub\DcRat\Binaries\Release\Plugins\Netstat.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 812B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DcRat/Plugins/Options.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 371KB - Virtual size: 370KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 812B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DcRat/Plugins/ProcessManager.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_DLL

PDB Paths

C:\Users\28718\Documents\GitHub\DcRat\Binaries\Release\Plugins\ProcessManager.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 844B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DcRat/Plugins/Ransomware.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_DLL

PDB Paths

C:\Users\28718\Documents\GitHub\DcRat\Binaries\Release\Plugins\Ransomware.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 828B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DcRat/Plugins/Recovery.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_DLL

PDB Paths

C:\Users\28718\Documents\GitHub\DcRat\Binaries\Release\Plugins\Recovery.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 820B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DcRat/Plugins/Regedit.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_DLL

PDB Paths

C:\Users\28718\Documents\GitHub\DcRat\Binaries\Release\Plugins\Regedit.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 277KB - Virtual size: 277KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 868B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DcRat/Plugins/RemoteCamera.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_DLL

PDB Paths

C:\Users\28718\Documents\GitHub\DcRat\Binaries\Release\Plugins\RemoteCamera.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 836B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DcRat/Plugins/RemoteDesktop.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_DLL

PDB Paths

C:\Users\28718\Documents\GitHub\DcRat\Binaries\Release\Plugins\RemoteDesktop.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 836B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DcRat/Plugins/SendFile.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_DLL

PDB Paths

C:\Users\28718\Documents\GitHub\DcRat\Binaries\Release\Plugins\SendFile.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 820B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DcRat/Plugins/SendMemory.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_DLL

PDB Paths

C:\Users\28718\Documents\GitHub\DcRat\Binaries\Release\Plugins\SendMemory.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 828B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DcRat/ServerCertificate.p12
DcRat/Stub/Client.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

PDB Paths

C:\Users\28718\Documents\GitHub\DcRat\Binaries\Release\Stub\Client.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 12.2MB - Virtual size: 12.2MB

.rsrc Size: 68KB - Virtual size: 67KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 43KB - Virtual size: 43KB

.rsrc Size: 405KB - Virtual size: 405KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 20KB - Virtual size: 20KB

.rsrc Size: 1024B - Virtual size: 804B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 385KB - Virtual size: 384KB

.rsrc Size: 1024B - Virtual size: 804B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 27KB - Virtual size: 27KB

.rsrc Size: 1024B - Virtual size: 804B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 30KB - Virtual size: 29KB

.rsrc Size: 1024B - Virtual size: 684B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 275KB - Virtual size: 275KB

.text
Size: 12.2MB - Virtual size: 12.2MB

.rsrc
Size: 68KB - Virtual size: 67KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 43KB - Virtual size: 43KB

.rsrc
Size: 405KB - Virtual size: 405KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 20KB - Virtual size: 20KB

.rsrc
Size: 1024B - Virtual size: 804B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 385KB - Virtual size: 384KB

.rsrc
Size: 1024B - Virtual size: 804B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 27KB - Virtual size: 27KB

.rsrc
Size: 1024B - Virtual size: 804B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 30KB - Virtual size: 29KB

.rsrc
Size: 1024B - Virtual size: 684B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 275KB - Virtual size: 275KB

.rsrc
Size: 1024B - Virtual size: 836B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 31KB - Virtual size: 31KB

.rsrc
Size: 1024B - Virtual size: 836B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 22KB - Virtual size: 22KB

.rsrc
Size: 1024B - Virtual size: 828B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 24KB - Virtual size: 23KB

.rsrc
Size: 1024B - Virtual size: 812B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 78KB - Virtual size: 77KB

.rsrc
Size: 1024B - Virtual size: 692B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 22KB - Virtual size: 22KB

.rsrc
Size: 1024B - Virtual size: 812B

.reloc
Size: 512B - Virtual size: 12B