Behavioral task
behavioral1
Sample
f2ec2310fa42558325aa15725b1913a022408f8b493b07279bb059e3fceafce7.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
f2ec2310fa42558325aa15725b1913a022408f8b493b07279bb059e3fceafce7.exe
Resource
win10v2004-20240412-en
General
-
Target
f2ec2310fa42558325aa15725b1913a022408f8b493b07279bb059e3fceafce7
-
Size
2.0MB
-
MD5
8ac0c63c70a8f4a7ac09839dc47dc32f
-
SHA1
99f1f14185984f2adeac7beeacacc2e88f16e157
-
SHA256
f2ec2310fa42558325aa15725b1913a022408f8b493b07279bb059e3fceafce7
-
SHA512
bf888d932f1e03e28a51bcccf7fb5547325db0c14565e8d68c70bc5d12939b050bcb7d725d4539351ce0a2e230deede50c4feea95a444631f1a5e44ecff42d89
-
SSDEEP
24576:Un2XTCHM4xT9V3XzsHhVmatCELYIXVelAtgbHHd:CaTUv0jmtEttc
Malware Config
Signatures
-
Processes:
resource yara_rule sample dcrat -
Dcrat family
-
Detects executables containing bas64 encoded gzip files 1 IoCs
Processes:
resource yara_rule sample INDICATOR_SUSPICIOUS_EXE_Embedded_Gzip_B64Encoded_File -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource f2ec2310fa42558325aa15725b1913a022408f8b493b07279bb059e3fceafce7
Files
-
f2ec2310fa42558325aa15725b1913a022408f8b493b07279bb059e3fceafce7.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 2.0MB - Virtual size: 2.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 920B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ