dcrat | Bridgewebsvc[.]exe | Triage

Resubmissions

16-11-2024 10:31

241116-mkna4sylcm 10

Sharing

General

Target

Bridgewebsvc.exe
Size

828KB
MD5

fddea23e803e9e5de212e4c0475c8f93
SHA1

c4426bf36ce54917155da2bfbec1508c5a799664
SHA256

f014b4dd1600fb5ecd92de55165573415c2d7ee184a4f70f2f975ee7909150f6
SHA512

05459fc75998ee306e8de7e544aaf744e5c6e1930dcb7e02b94a566a7ad6e874a9fe50a78a1da50b4e7110282e49353f8ced586117d772b600b84d09ee070591
SSDEEP

12288:F+RK+UfXST5/rKMyFckcb8M41AT0z/GAFPz3DhsHxrofdV:5STuMMATKPTVgxr4

Score

10^/10

rat dcrat

Malware Config

Signatures

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

resource	yara_rule
sample	dcrat

Dcrat family
dcrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Bridgewebsvc.exe

Files

Bridgewebsvc.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 813KB - Virtual size: 813KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ