dcrat | 06e7e53c62f291ea0e259f086a1f348c[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

06e7e53c62f291ea0e259f086a1f348c.bin
Size

3.0MB
MD5

406d89c2acd83cc147cc248478c97a96
SHA1

bfa5b16c7af91dc2ec782b19727b73a5464c2a0e
SHA256

9f423cc44963a58e40a79875e389e27ca0efe41b9b894b01c4f74196a552a9b5
SHA512

3754b368e5b52ad0e5f5adc0e3b0f1624a9df54f8d5339f7b120785c0d8061d7956b7356426fd2a477b16ab024c1019a114eecadbb52f09d65a77a3aa99d426a
SSDEEP

49152:gF/6XmEFhhIumxuXjCuJ48pbIXaglx5UoSfDVEldfD/IMSlprm0mOA7/g3vlJvWP:u/6XZ5IumuJfKaglx5UfC3qlprmrOAgM

Score

10^/10

rat dcrat

Malware Config

Signatures

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

resource	yara_rule
static1/unpack001/c5c537cfff04de0c597d05b695b7fd6c2bf147bf03f7f08d645743758b4cf8f6.exe	dcrat

Dcrat family
dcrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/c5c537cfff04de0c597d05b695b7fd6c2bf147bf03f7f08d645743758b4cf8f6.exe

Files

06e7e53c62f291ea0e259f086a1f348c.bin
.zip

Password: infected
c5c537cfff04de0c597d05b695b7fd6c2bf147bf03f7f08d645743758b4cf8f6.exe
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ