General

  • Target

    NullRAT.zip

  • Size

    660KB

  • MD5

    de804326d440bf4bef83f291a6c2f38d

  • SHA1

    da73b6c6d5dee5b1afb7ed5a0b0e0e58bba9752a

  • SHA256

    1d8efd633d8ae1fe4cf315638cb06ab51eecff29912a09337ddf41f211405832

  • SHA512

    418a5bb415839209ae186a1e5ecdedc5b546d0b7706307e1f901da1e581dfc0adfe0e60e8f89069dad7056a4c66c83d387e39b8453ad46305cbded90a60bf25c

  • SSDEEP

    12288:vgMH8mhMTxVlKLDASlRNC0y6k/hOdO9kGJHw8seDQhsS9D7p7tAs:vgMcmhm9KFRNVvk/kI9k49VDQhsS9DVv

Score
8/10
upx

Signatures

  • Patched UPX-packed file (1 IoC)

    Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.

  • UPX packed file (1 IoC)

    Detects executables packed with UPX/modified UPX open source packer.

  • Unsigned PE (3 IoCs)

    Checks for missing Authenticode signature.

Files

  • NullRAT.zip
    .zip
  • NullRAT/RAT.py
  • NullRAT/custom_icon.ico
  • NullRAT/modules/ChangePass.py
  • NullRAT/modules/checkedtokens.py
  • NullRAT/modules/clipboard.py
  • NullRAT/modules/create_new_module.py
  • NullRAT/modules/directory.py
  • NullRAT/modules/geolocate.py
  • NullRAT/modules/getenv.py
  • NullRAT/modules/hideFile.py
  • NullRAT/modules/rawtokens.py
  • NullRAT/modules/receivefiles.py
  • NullRAT/modules/runfile.py
  • NullRAT/modules/screenshot.py
  • NullRAT/modules/sendfiles.py
  • NullRAT/modules/shell.py
  • NullRAT/modules/startup.py
  • NullRAT/modules/systeminfo.py
  • NullRAT/modules/tasklist.py
  • NullRAT/modules/unhideFile.py
  • NullRAT/modules/webcam.py
  • NullRAT/modules/wifiList.py
  • NullRAT/modules/wifiPass.py
  • NullRAT/upx/upx.exe
    .exe windows:4 windows x86 arch:x86



  • out.upx
    .exe windows:4 windows x86 arch:x86



  • compiler.exe
    .exe windows:4 windows x86 arch:x86

    8e70a8eeb4116bb61cbfcec32d883cfe

