dcrat | 5d232371c6b04bf6e609ee14fc06f3f6[.]bin | Triage

Sharing

General

Target

5d232371c6b04bf6e609ee14fc06f3f6.bin
Size

1.4MB
MD5

c519741bd97e918a01b75e29682fdef6
SHA1

b732fa3317e33b5c93c27816cca3362ed9ffb316
SHA256

dbe0a12ddd61fa89d149ddc5fac4cf9cfec85fc64e7f29459d9c88049af8a0de
SHA512

c505208fe042cbe7287e6a79cdb47841eb0a252b5c64f0ddbba1b50a204c52794ff89e2f79335f41c704f56134cb346d1ca1dccbc17dd81981447923fca0334f
SSDEEP

24576:nq0qRt14pFzkiqcgqB+6CP3sYcn41jteMRQwJLig/IREhldJpb:njG1IzkZi+6qZc4Te5wJLiNSPR

Score

10^/10

rat dcrat

Malware Config

Signatures

DCRat payload 1 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

resource	yara_rule
static1/unpack001/05c4814add59df3a27d840a1494002ac0b0e49aa9348229bd9f438d87e3e56c1.exe	dcrat

Dcrat family
dcrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/05c4814add59df3a27d840a1494002ac0b0e49aa9348229bd9f438d87e3e56c1.exe

Files

5d232371c6b04bf6e609ee14fc06f3f6.bin
.zip

Password: infected
05c4814add59df3a27d840a1494002ac0b0e49aa9348229bd9f438d87e3e56c1.exe
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ