njrat | 1234[.]rar | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1234.rar
Size

79KB
MD5

dd019280bf93a2b8fb4ea3010869f036
SHA1

de944d30c7e102bc5792a7e9797c73ebfe1a7eb8
SHA256

425694cddd39268f6754c47fbde45a08178979378d189a2ae689173f1fb2ffdc
SHA512

0a03e15d147939cdc28bbb594d132d2d828f83e48eef9541e0ccd4ebe9b29d0378b47180f3b31a50bc63652ca135e0f4af2635d9e4c365dfa06a967af18c8564
SSDEEP

1536:Ej+hgSCkVYcom6kms32vDy7/3kClNdrmneG7zEvyV399mQ5AP3NFqnz:xhxCaLXX3/7fkeNVqzEKVuvPdwz

Score

10^/10

njrat

Malware Config

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/1234.exe

Files

1234.rar
.rar
1234.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 1024B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ