dcrat | 55c067b0f17f051197adb6c926f471d1[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

55c067b0f17f051197adb6c926f471d1.bin
Size

952KB
MD5

92f09a3931d91443548c18b4a46e1a54
SHA1

c8ded2365bdd9faeea478f67109bb6468f8a6fcd
SHA256

d6e08143fa3642be012a01e21dbbcd7ce54d6758df9ecc4b27a1274356f84bfa
SHA512

3c49146fbb4dfa8ef5c1bb80b033f707fc5dbc64a2c49d8e4a9b7e7930f0b5efa7da77b07bff87367eb65dd01c606b26b45e9e437984556e5831f73e00e605d7
SSDEEP

12288:9ZG5v1RS4Bk8pxnBs3Ct8QPlTMfVqFXD5xOhX8iUgVhdg7ZT6dtEDmpWIALaGgOW:OnkcnBgY8Q9Mfq5vP2eCoaTVA+YM

Score

10^/10

rat dcrat

Malware Config

Signatures

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

resource	yara_rule
static1/unpack001/7b332c9ae15219490ae6cd4099c00ec77e01e9f321b21bbf61e163f78ef9b78d.exe	dcrat

Dcrat family
dcrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/7b332c9ae15219490ae6cd4099c00ec77e01e9f321b21bbf61e163f78ef9b78d.exe

Files

55c067b0f17f051197adb6c926f471d1.bin
.zip

Password: infected
7b332c9ae15219490ae6cd4099c00ec77e01e9f321b21bbf61e163f78ef9b78d.exe
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ