dcrat | b817873fadd6af466832355a47d1e9ae[.]bin

Resubmissions

30/05/2024, 03:05

240530-dk6b9acb71 10

30/05/2024, 03:04

240530-dkymeacb7x 10

30/05/2024, 02:59

240530-dgr1fsda39 10

Sharing

Copy URL Twitter E-mail

General

Target

b817873fadd6af466832355a47d1e9ae.bin
Size

589KB
MD5

bd26a798cd0e16293854efa0d1c3eeba
SHA1

9379d72142a44e21ef8fb10b032143e68ffd27af
SHA256

0f6215b559b8436f2bd82dacca1a3ea76c1cee35c3f7f526388c0282ecb699db
SHA512

8f5344a6c1f6e016f4b1f366034f4cf2ebe55efd08cab33e35e58ca4cdedcc93fd1fe22b9377ec534bc72185025b33e9226f21b88ef0272c520ae209b9b64df5
SSDEEP

12288:gTchTNOFhNeSDIXXNduWfR8ax5XoUEMSeRlRFZPyHLx1akNeaMEL:3DehNClR8uXoUEnerRnKH91akIaMEL

Score

10^/10

rat dcrat

Malware Config

Signatures

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

rat

resource	yara_rule
static1/unpack001/c4c83b1a077e713337ea9f76248e9115cebfa105b3338747e3284cd610254581.exe	dcrat

Dcrat family
dcrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/c4c83b1a077e713337ea9f76248e9115cebfa105b3338747e3284cd610254581.exe

Files

b817873fadd6af466832355a47d1e9ae.bin
.zip

Password: infected
c4c83b1a077e713337ea9f76248e9115cebfa105b3338747e3284cd610254581.exe
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 986KB - Virtual size: 985KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 986KB - Virtual size: 985KB

.sdata Size: 12KB - Virtual size: 11KB

.rsrc Size: 1024B - Virtual size: 536B

.reloc Size: 512B - Virtual size: 12B

.text
Size: 986KB - Virtual size: 985KB

.sdata
Size: 12KB - Virtual size: 11KB

.rsrc
Size: 1024B - Virtual size: 536B

.reloc
Size: 512B - Virtual size: 12B