njrat | Desktop[.]7z

Resubmissions

01-10-2023 16:43

231001-t8rf1aca6v 10

01-10-2023 16:29

231001-ty8yasde48 10

Sharing

Copy URL

Twitter E-mail

General

Target

Desktop.7z
Size

40.8MB
MD5

de689d7172570975e45c8de861703d9a
SHA1

ca93484119dab6a2058dfd4c8394c1e4dc328e6f
SHA256

8324822dead804bf3ea27145f2ad10bf55d839ec8cd914d48160674c8cb50445
SHA512

6fdbcd62e70ee4cf6a066697ce224da349993a97b8e913bbb6a1e47b2c8b91a786a134d3fd023671b919d78436cbfa53ac3ba93cdb424988546c9ec30455e6bd
SSDEEP

786432:q+3daapFvXlfdw7y6+SdIapVSNtx/vb26n9GYoQ4Ri4yYqJS8ynd4NMn:Po49leytCVS1nbpLpNSddjn

Score

10^/10

njrat

Malware Config

Signatures

Njrat family
njrat

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack002/New Client.exe
unpack001/605ae070d6b97c482879e332143748a62d6023468d4e4463d6e7dfc1cd8ad468

Files

Desktop.7z
.7z .zip
230929-sg5nwade86_pw_infected.zip
.zip

Password: infected
New Client.exe
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 1024B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
231001-tg7znsdd48_pw_infected.zip.zip
.zip
605ae070d6b97c482879e332143748a62d6023468d4e4463d6e7dfc1cd8ad468
.exe windows:4 windows x86

3a2003ea545fe942681da9e7683ebb58

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

AddAtomA
CreateDirectoryA
CreateProcessA
CreateSemaphoreA
DeleteFileA
ExitProcess
FindAtomA
GetAtomNameA
GetCommandLineA
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetStartupInfoA
InterlockedDecrement
InterlockedIncrement
ReleaseSemaphore
SetFileAttributesA
SetLastError
SetUnhandledExceptionFilter
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
WaitForSingleObject
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

msvcrt

_fdopen
_read
_strdup
_write
__getmainargs
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_assert
_cexit
_ctype
_errno
_fstati64
_iob
_isctype
_lseeki64
_onexit
_pctype
_setmode
_strnicmp
_vsnprintf
abort
atexit
fclose
fflush
fopen
fprintf
free
localeconv
malloc
memchr
memcpy
memmove
memset
rand
setlocale
setvbuf
signal
srand
strcat
strcmp
strcoll
strcpy
strftime
strlen
strtod
strxfrm
time

shell32

SHGetFolderPathA
ShellExecuteA

Sections

.text
Size: - Virtual size: 239KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 18KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lol 0
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.lol 1
Size: 135KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
BestToolbars.7z.zip
.zip
Minecraft.keygen.by.cat.bin.zip
.zip
WKAopkeae.bin.zip
.zip
XWare loader.bin.zip
.zip
early-2010s-adware.7z.zip
.zip
mapper.bin.zip
.zip
sightware.bin.zip
.zip

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 161KB - Virtual size: 161KB

.sdata Size: 1024B - Virtual size: 792B

.rsrc Size: 1024B - Virtual size: 576B

.reloc Size: 512B - Virtual size: 12B

3a2003ea545fe942681da9e7683ebb58

Headers

File Characteristics

Imports

kernel32

msvcrt

shell32

Sections

.text Size: - Virtual size: 239KB

.data Size: - Virtual size: 608B

.rdata Size: - Virtual size: 9KB

.bss Size: - Virtual size: 18KB

.idata Size: - Virtual size: 2KB

.lol 0 Size: - Virtual size: 13KB

.lol 1 Size: 135KB - Virtual size: 134KB

.rsrc Size: 26KB - Virtual size: 25KB

.text
Size: 161KB - Virtual size: 161KB

.sdata
Size: 1024B - Virtual size: 792B

.rsrc
Size: 1024B - Virtual size: 576B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: - Virtual size: 239KB

.data
Size: - Virtual size: 608B

.rdata
Size: - Virtual size: 9KB

.bss
Size: - Virtual size: 18KB

.idata
Size: - Virtual size: 2KB

.lol 0
Size: - Virtual size: 13KB

.lol 1
Size: 135KB - Virtual size: 134KB

.rsrc
Size: 26KB - Virtual size: 25KB