njrat | engie[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

engie.zip
Size

84KB
MD5

8a96fb9eee3d0e73b0e1b48088f9a5c8
SHA1

7676808fbd5e1b6d76f8a197f40d55ec15ded7c8
SHA256

687a0b7d0ae49231d42ab47609f37a1020de6dcd725ee76b3e4ff340303785cf
SHA512

f05ff7f4404eb19799d239253ad1bd1b23059a801198e66c7c36b7ce838e6f2395f4c6efe557f9c7f6dc9975d0c16870f6624a0da38d3bb79fb069cd77afa56b
SSDEEP

1536:gtjVeHzRRLaS0OAPHQJe9QYyE7b/rCgVQk7vVkCfYTiM+wK+21/K:gtRm7La1Pw8dX/r1VQSKNyzlK

Score

10^/10

njrat

Malware Config

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/njengie.exe

Files

engie.zip
.zip
njengie.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 1024B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ