dcrat | SolaraBostrapers[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

SolaraBostrapers.exe
Size

2.2MB
MD5

f3ea935cf85c736c025898ecf37610d8
SHA1

55d262623356dc9d41c8ebee1ab69e0ed1a5d517
SHA256

1689c06648ca56b74ec995fb0e013458e4d932d3f42dcea0ef6c64a7b45a8b63
SHA512

5c787b6d16de0e86696fdf50fb13302ad0ce9089e23557d926d400b8275733a85b67f572f802a016b8bb8add9224fbc09566983d76bd086ba29720d871933f94
SSDEEP

24576:7hdPVSynUoGQfjVauCy9wQ6an22G/nvxW3WieC+QfL5ZPRnmRme/kvHsTvn7AlVh:WoGQfjwjbA3j+QNdIC27AlDj

Score

10^/10

rat dcrat

Malware Config

Signatures

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

resource	yara_rule
sample	dcrat

Dcrat family
dcrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SolaraBostrapers.exe

Files

SolaraBostrapers.exe
.exe windows:4 windows x86 arch:x86

Password: 123

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\максим\Desktop\BitJoiner\payload\obj\Debug\payload.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ