NurseRAT release version[.]exe | Triage

Sharing

General

Target

NurseRAT release version.exe
Size

5.0MB
MD5

6f66e117b991ade94358fba1da7a7e0b
SHA1

f8d7a41d5cea9ecb852749724a75d27f0b77d421
SHA256

3bc7953dd08ec98d2105dc72669b5773c091f180e9e8eb3c4eef2142923f0207
SHA512

dc407eeddd9ee167da3b06f89df3f5a2edc7e0b63df8429aa56ad0acaf6ed9e93c66a33105f5d77337569e691297183227f8ffab93517b7f547a0e289d559759
SSDEEP

98304:RSGdJa9t5tl94y3oGNFzlAc/tpVQGHzsZpnGYNZinUDG+kt1Tg8/b5eBZ6/gVKet:hPstP4GNYSmMURbF7ktlLb5eztFmQh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NurseRAT release version.exe

Files

NurseRAT release version.exe
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 4.0MB - Virtual size: 8.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 174KB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

nns
Size: 909KB - Virtual size: 912KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE