dcrat | 26cf98e96e9f93bf48dfa441ff86bde0_NeikiAnalytics | Triage

Sharing

Copy URL Twitter E-mail

General

Target

26cf98e96e9f93bf48dfa441ff86bde0_NeikiAnalytics
Size

2.7MB
MD5

26cf98e96e9f93bf48dfa441ff86bde0
SHA1

8da409de01bd10e21f9b3d89769ac8e79c918d48
SHA256

d49327eef932f63471cbe28ab7103f6fa132f1d409d5cf1026285ff9c51f5a1a
SHA512

93d98054eb34f594fd5043b9f65f12c0fa4c3d9dfb6d427451fdf385969511582cf5436a385f7276f44afed4c1cb97d8bb7da0c6b534522825a50d358c987dd4
SSDEEP

49152:iH64y2XDuLlIY14o9/yDzr1xJ8XbRrC9mWvR08Yv7yP3GcY:iHfE5Ad8Xd295UmGc

Score

10^/10

rat dcrat

Malware Config

Signatures

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

resource	yara_rule
sample	dcrat

Dcrat family
dcrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
26cf98e96e9f93bf48dfa441ff86bde0_NeikiAnalytics

Files

26cf98e96e9f93bf48dfa441ff86bde0_NeikiAnalytics
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 796B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ