dcrat | Nurik[.]exe[.]exe | Triage

Sharing

General

Target

Nurik.exe.exe
Size

1.4MB
MD5

9493802d03c38018bec6f0c378ecccb2
SHA1

3634874fe3f261f85549b4fa18de218c6e3a1023
SHA256

7503a5dc33aaafdaeeb0b45e3688ce8dc3c640d9d7323302a3055bd18b83f5a9
SHA512

190161d95cfa96022425d4bf0c9160a1758b07ffcb6954561203fded8f7046919aaf7253b682f99a52b8618649818814612b5a5d02de68ef4007d8ec2bb52140
SSDEEP

24576:Pz2ABe2G/nvxW3WckpJWjXbNQsVZy8v8BQSsZWcJ4LO:Pz9MbA3wvW+sVZy8fZW

Score

10^/10

rat dcrat 44caliber

Malware Config

Signatures

44caliber family
44caliber

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

Processes:

resource	yara_rule
sample	dcrat

Dcrat family
dcrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
Nurik.exe.exe

Files

Nurik.exe.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\rusla\OneDrive\Desktop\BitJoiner\payload\obj\Debug\payload.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ