dcrat | 1d98bb52c2eeac75f2e83e8b0b88459f[.]bin | Triage

Sharing

General

Target

1d98bb52c2eeac75f2e83e8b0b88459f.bin
Size

1.3MB
MD5

7f6d6a119c49376a4497b4b80c40cc5d
SHA1

68137e634e5ae8b16243fa6b02a40229bcf4b2f1
SHA256

f9e0afec65e6aeb4af35617e7967b028a77e6b5c10de2b7b064e9337d8f1ef4d
SHA512

2ece8c9bf0da45795455a7af56c8fb0bdda6c7fca75a5551c12506fd51ed4e308246df08c1f8187d525a9b72d802a8b8f21fd40be02adf894af0e563e110000f
SSDEEP

24576:xPMerAcy2uldrZx4rofTGK27xOMqwaJGI7UUboz51Yug7S7ZTEIwSfBYc85d+W0r:VMwAcy2o9x4+72VvmT72YuKS7ZTvjYb6

Score

10^/10

rat dcrat

Malware Config

Signatures

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

Processes:

resource	yara_rule
static1/unpack001/6cb8969c2e226f0597598198992dd4afd52d70ac83c187852d3cd872dd6b7a0d.exe	dcrat

Dcrat family
dcrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/6cb8969c2e226f0597598198992dd4afd52d70ac83c187852d3cd872dd6b7a0d.exe

Files

1d98bb52c2eeac75f2e83e8b0b88459f.bin
.zip

Password: infected
6cb8969c2e226f0597598198992dd4afd52d70ac83c187852d3cd872dd6b7a0d.exe
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 876B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ