njrat | BTTTTTTDDD[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

BTTTTTTDDD.exe
Size

787KB
MD5

acbbbddf9ceb1447425856906f1bbe97
SHA1

0ecb339ab394c3434d4189a6ddf87a17d5c70be1
SHA256

b64cac14f078a6ca87fea8fcb890b0f7d3decf335a61d1ff8bc0eb9961804541
SHA512

bf2ea09ebcab68a8b4a46fcb54db24a4111d889301d2db01d8c22a787d75b31aa5f9d9ffe350971579f3c742000a181ce8d68e0e483741a109e1aca4b615a1b1
SSDEEP

12288:iMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9V57ej:insJ39LyjbJkQFMhmC+6GD9vm

Score

10^/10

njrat

Malware Config

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
BTTTTTTDDD.exe

Files

BTTTTTTDDD.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 615KB - Virtual size: 614KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 57B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ