dcrat | 36143cc11130b979d02636fcac9a4e5c46f133666c1820f9ca66fa21a403cf82

General

Target

36143cc11130b979d02636fcac9a4e5c46f133666c1820f9ca66fa21a403cf82
Size

952KB
MD5

7c2406ecb9df5839cd05a6624b0ce186
SHA1

45baaf5461ca7eca26b2b43d8782840436e2138b
SHA256

36143cc11130b979d02636fcac9a4e5c46f133666c1820f9ca66fa21a403cf82
SHA512

365ba58966e89765d3e2eab0074bbbfceead0209c1f3998f9ea89d5a45bab58914ac38cb912df211ad73acf685dbce8e8bbe1be3f6d9f54afb1ce4b46fea9f07
SSDEEP

24576:2+O7F9smBDJwWmIezBLwsHuWbxR4AK5ZJXX:R8/KfRTK

Score

10^/10

rat dcrat

Malware Config

Signatures

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

rat

resource	yara_rule
sample	dcrat

Dcrat family
dcrat

Detects executables containing bas64 encoded gzip files 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_Embedded_Gzip_B64Encoded_File

Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurreny wallets, etc. Observed in information stealers 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_References_Confidential_Data_Store

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
36143cc11130b979d02636fcac9a4e5c46f133666c1820f9ca66fa21a403cf82

Files

36143cc11130b979d02636fcac9a4e5c46f133666c1820f9ca66fa21a403cf82
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 950KB - Virtual size: 949KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 956B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 950KB - Virtual size: 949KB

.rsrc Size: 1024B - Virtual size: 956B

.reloc Size: 512B - Virtual size: 12B

.text
Size: 950KB - Virtual size: 949KB

.rsrc
Size: 1024B - Virtual size: 956B

.reloc
Size: 512B - Virtual size: 12B