dcrat | 21cad48edbc93da2d1e1ab6f6632461a[.]bin | Triage

Sharing

General

Target

21cad48edbc93da2d1e1ab6f6632461a.bin
Size

6.8MB
MD5

21cad48edbc93da2d1e1ab6f6632461a
SHA1

667a584eae5a57937d66d64249c26c8b1b2abf8f
SHA256

32619382ab72416dff258bff30a8b505d6e69e818345612892a121c28f3b23b0
SHA512

9125263a9b31336d350e19f9c79460038f7a6c48db109001e93fd8d7e8aba30c3bf44a362c4f3ee87294d3cf9052cbc8d7da518d34356212cb6f914a9990a21d
SSDEEP

196608:UQKQUc/HMlS2JxmYcmcg7XGqb6Msq51GPo:XKwslSDVoXGe1GQ

Score

10^/10

Malware Config

Signatures

DCRat payload 1 IoCs
Detects payload of DCRat, commonly dropped by NSIS installers.
rat

Processes:

resource yara_rule

sample dcrat
Dcrat family
dcrat
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

21cad48edbc93da2d1e1ab6f6632461a.bin

Files

21cad48edbc93da2d1e1ab6f6632461a.bin
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 770B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6.8MB - Virtual size: 6.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ