Njrat[.]rar | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Njrat.rar
Size

16.7MB
MD5

ff88852b99413a4e8e23dee0db62dae6
SHA1

83b6547e22d887e2abda89cab681c3c85809f46f
SHA256

199a785ef4602af916cc04b46ab2856bc494c2e41798d70fa0701a54df869354
SHA512

a21c8c0399bc4101abba308115dde87c899945c39aa65885079598891fdf79895a72eef723ca7cf6f71051cde474136e94d521a3e9fb288b20a051874dea2c97
SSDEEP

393216:mKObOeZfVsUHhWLqJs4GnXoVwQTHki6QsA4D3JUpsXp6c67:mNOIVTY+qnYVwQd61b+p6pU

Score

3^/10

Malware Config

Signatures

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

resource
unpack001/NjRat 0.7D.exe
unpack001/Plugin/cam.dll
unpack001/Plugin/ch.dll
unpack001/Plugin/mic.dll
unpack001/Plugin/plg.dll
unpack001/Plugin/pw.dll
unpack001/Plugin/sc2.dll
unpack001/WinMM.Net.dll

Files

Njrat.rar
.rar
GeoIP.dat
Icons/Bokehlicia-Captiva-Atom.ico
Icons/Bokehlicia-Captiva-Blender.ico
Icons/Bokehlicia-Captiva-Firewall-config.ico
Icons/Bokehlicia-Captiva-Nvidia-settings.ico
Icons/Bokehlicia-Captiva-Utilities-system-monitor.ico
Icons/Bokehlicia-Captiva-Web-slack.ico
Icons/Carlosjj-Microsoft-Office-2013-Access.ico
Icons/Carlosjj-Microsoft-Office-2013-Excel.ico
Icons/Carlosjj-Microsoft-Office-2013-InfoPath.ico
Icons/Carlosjj-Microsoft-Office-2013-Lync.ico
Icons/Carlosjj-Microsoft-Office-2013-Office.ico
Icons/Carlosjj-Microsoft-Office-2013-Outlook.ico
Icons/Carlosjj-Microsoft-Office-2013-PowerPoint.ico
Icons/Carlosjj-Microsoft-Office-2013-Word.ico
Icons/Ccard3dev-Dynamic-Yosemite-Numbers.ico
Icons/Chrisbanks2-Cold-Fusion-Hd-Radar.ico
Icons/Cornmanthe3rd-Plex-Android-App-drawer.ico
Icons/Cornmanthe3rd-Plex-Android-Baconreader.ico
Icons/Cornmanthe3rd-Plex-Android-Ebay.ico
Icons/Graphicloads-Colorful-Long-Shadow-Analytics.ico
Icons/Graphicloads-Colorful-Long-Shadow-Cloud.ico
Icons/Graphicloads-Colorful-Long-Shadow-Favourite.ico
Icons/Graphicloads-Colorful-Long-Shadow-Restaurant.ico
Icons/Graphicloads-Polygon-Cart-add.ico
Icons/Graphicloads-Seo-Services-Pay-per-click.ico
Icons/Harwen-Red-Christmas-Home.ico
Icons/Harwen-V-Day-Valentines-Day-Honey.ico
Icons/Harwen-V-Day-Valentines-Day-Present.ico
Icons/Hopstarter-Sleek-Xp-Basic-Money.ico
Icons/Hopstarter-Sleek-Xp-Software-Opera.ico
Icons/Iconka-St-Patricks-Day-Hat-tophat.ico
Icons/Icons-Land-Weather-Moon-Phase-Full.ico
Icons/Icons-Land-Weather-Sleet.ico
Icons/Icons8-Windows-8-Logos-Xbox.ico
Icons/Icons8-Windows-8-Security-Security-Checked.ico
Icons/Iconshock-Trendy-Guys-Andrew.ico
Icons/Indeepop-Crazy-Crown.ico
Icons/Johanchalibert-Mac-Osx-Yosemite-Safari.ico
Icons/Kevin-Thompson-Love-And-Breakup-Love-box.ico
Icons/Paddy-Web20rigami-Firefox.ico
Icons/Petalart-Business-Cloud-upload.ico
Icons/Ph03nyx-Super-Mario-Mushroom-Super.ico
Icons/Photoshopedia-Xedia-Firefox.ico
Icons/Tooschee-Misc-Present.ico
Icons/Tooschee-Misc-Sync.ico
Icons/Wallpaperfx-3d-Softwarefx-Acrobat-Reader.ico
Icons/Wallpaperfx-3d-Softwarefx-Chrome.ico
Icons/Wallpaperfx-3d-Softwarefx-Dreamviewer.ico
Icons/Wallpaperfx-3d-Softwarefx-Facebook.ico
Icons/Wallpaperfx-3d-Softwarefx-Firefox.ico
Icons/Wallpaperfx-3d-Softwarefx-ITunes.ico
Icons/Wallpaperfx-3d-Softwarefx-Illustrator.ico
Icons/Wallpaperfx-3d-Softwarefx-Photoshop.ico
Icons/Wallpaperfx-3d-Softwarefx-Quicktime.ico
Icons/Wallpaperfx-3d-Softwarefx-Safari.ico
Icons/Wallpaperfx-3d-Softwarefx-Skype.ico
Icons/Wallpaperfx-3d-Softwarefx-Thunderbird.ico
Icons/Wallpaperfx-3d-Softwarefx-Utorrent.ico
Icons/Wallpaperfx-3d-Softwarefx-Vlc.ico
Icons/Wallpaperfx-3d-Softwarefx-Winamp.ico
Icons/Wallpaperfx-3d-Softwarefx-Windows-Media-Player.ico
Icons/Wallpaperfx-3d-Softwarefx-Yahoo.ico
Icons/Wallpaperfx-3d-Softwarefx-Youtube.ico
NjRat 0.7D.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 11.9MB - Virtual size: 11.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugin/cam.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 177B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugin/ch.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 177B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugin/mic.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 177B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugin/plg.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 177B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugin/pw.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 270KB - Virtual size: 270KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 177B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugin/sc2.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 177B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Stub/Stub.il
Stub/Stub.manifest
.xml
WinMM.Net.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 11.9MB - Virtual size: 11.9MB

.rsrc Size: 33KB - Virtual size: 32KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

File Characteristics

Imports

mscoree

Sections

.text Size: 97KB - Virtual size: 96KB

.sdata Size: 512B - Virtual size: 177B

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

File Characteristics

Imports

mscoree

Sections

.text Size: 43KB - Virtual size: 42KB

.sdata Size: 512B - Virtual size: 177B

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

File Characteristics

Imports

mscoree

Sections

.text Size: 74KB - Virtual size: 74KB

.sdata Size: 512B - Virtual size: 177B

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

File Characteristics

Imports

mscoree

Sections

.text Size: 62KB - Virtual size: 62KB

.sdata Size: 512B - Virtual size: 177B

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

File Characteristics

Imports

mscoree

Sections

.text Size: 270KB - Virtual size: 270KB

.sdata Size: 512B - Virtual size: 177B

.rsrc Size: 12KB - Virtual size: 11KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

File Characteristics

Imports

mscoree

Sections

.text Size: 43KB - Virtual size: 43KB

.sdata Size: 512B - Virtual size: 177B

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

.text
Size: 11.9MB - Virtual size: 11.9MB

.rsrc
Size: 33KB - Virtual size: 32KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 97KB - Virtual size: 96KB

.sdata
Size: 512B - Virtual size: 177B

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 43KB - Virtual size: 42KB

.sdata
Size: 512B - Virtual size: 177B

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 74KB - Virtual size: 74KB

.sdata
Size: 512B - Virtual size: 177B

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 62KB - Virtual size: 62KB

.sdata
Size: 512B - Virtual size: 177B

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 270KB - Virtual size: 270KB

.sdata
Size: 512B - Virtual size: 177B

.rsrc
Size: 12KB - Virtual size: 11KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 43KB - Virtual size: 43KB

.sdata
Size: 512B - Virtual size: 177B

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 41KB - Virtual size: 41KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 512B - Virtual size: 12B