dcrat | XWorm V5[.]6 SRC LEAKED‮nls[.]msi | Triage

Sharing

Copy URL Twitter E-mail

General

Target

XWorm V5.6 SRC LEAKED‮nls.msi
Size

2.8MB
MD5

0f911509d96f2d5a0a303485390354f5
SHA1

0c6b03c638a6cdb5710616ce6291cccb9086577a
SHA256

faf680e186cd40cc01e630c5cb443659d0ff304ad1e112090c1f9381c4309892
SHA512

0a374ed54f529116405f1dd24675778244a4f42e4e2aec8375551b15548aff19a145c9993fc0d2c07e85a061b70ab0cba13516a01157c8e32487097128c76ecc
SSDEEP

49152:uqA3j+t76ztzFasTyrgcN51q/myDq/WBwrHJQMLSAI7aow89:uq/tstzMsTy0cjqJ+6wzLNIzwg

Score

10^/10

rat dcrat

Malware Config

Signatures

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

resource	yara_rule
sample	dcrat

Dcrat family
dcrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
XWorm V5.6 SRC LEAKED‮nls.msi

Files

XWorm V5.6 SRC LEAKED‮nls.msi
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 196KB - Virtual size: 196KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 392B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ