dcrat | 68DFE1E08B8CC7D19FF72334FDD09DB8[.]exe | Triage

Sharing

General

Target

68DFE1E08B8CC7D19FF72334FDD09DB8.exe
Size

4.1MB
MD5

68dfe1e08b8cc7d19ff72334fdd09db8
SHA1

34fb36f9b553c26b0753f540b6a8af1760bb74dc
SHA256

a5f4363625928d7fb64087212bd9d094972260739b274f44b53bbbd5be6d19b7
SHA512

035d3806dafbd5e3a6358072363267178215c74a2f66750792e839d8f24a4244338d1a59862953eb872b5a13ae675647310818a05f1f70206f1ea15157cc8686
SSDEEP

98304:b2iJbE5xmRwLHVZCC55YkdOsfMvBh0ND4wELWZ:yMaxAWHVkq5Y2fMkNDILWZ

Score

10^/10

rat dcrat

Malware Config

Signatures

DCRat payload 1 IoCs
Detects payload of DCRat, commonly dropped by NSIS installers.
rat

Processes:

resource yara_rule

sample dcrat
Dcrat family
dcrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
68DFE1E08B8CC7D19FF72334FDD09DB8.exe

Files

68DFE1E08B8CC7D19FF72334FDD09DB8.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 770B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ