dcrat | Solara_Updater[.]exe | Triage

Resubmissions

Sharing

Copy URL Twitter E-mail

General

Target

Solara_Updater.exe
Size

30.1MB
MD5

b80312d70e7353b026d77121c6ca913e
SHA1

b0a4fb617780e7df91c0788de5ff51dbaeb71162
SHA256

35ba977ffce79570939ca8a1174c612ebbf213c7d9c67ce4096a77bfc66208e4
SHA512

0d93831d0ee6d8307fa3305f6d36a1ca1bf457d10383e3f9a5668ae4efb4b6308622729405d3a46936efd32fefb366917e3b9a8436808c78ad2078d0de0561ed
SSDEEP

196608:tF49/UMhhwSE2/CemooOoyz5XPOv5svw1B:sD/hCLooOF/ORsvw

Score

10^/10

rat dcrat

Malware Config

Signatures

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

resource	yara_rule
sample	dcrat

Dcrat family
dcrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Solara_Updater.exe

Files

Solara_Updater.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\nikan\OneDrive\Рабочий стол\X89vM9vMA\payload\obj\Debug\payload.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 30.1MB - Virtual size: 30.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ